Effective Date: June 19, 2026
1. General & Controller Information
The purpose of this Privacy Policy is to inform individuals, clients, users, and visitors (hereinafter: “individual” or “you”) who interact with multibm.com (hereinafter: “the website” or “we”), about the purposes, legal bases, security measures, and the rights of individuals regarding the processing of personal data.
We value your privacy and process personal data strictly in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679).
Personal Data Controller
- Full Company Name:
Zelena naložba d.o.o. - Registered Business Address:
Viška cesta 27, 1000 Ljubljana, Slovenia - Contact Email: info@multibm.com
2. What is Personal Data?
Personal data means any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address), or email address.
3. Purposes of Processing and Legal Bases
We collect and process personal data on the following legal bases as defined by the GDPR:
3.1. Contacting Us and Lead Generation (Performance of a Contract / Pre-contractual steps)
When you submit an online contact form or express interest in our services on our website, we collect the personal data necessary to respond to your inquiry or take steps prior to entering into a business relationship.
- Data collected: First name, last name, email address, phone number, company name, and the content of your message.
- Legal Basis: Article 6(1)(b) GDPR – processing is necessary to take steps at the request of the data subject prior to entering into a contract.
- Retention: Until the inquiry is resolved, or up to 6 years following the end of communication if a business relationship is initiated.
3.2. Informing Individuals by Email / Newsletters (Consent)
If you explicitly subscribe to receive updates, newsletters, or marketing materials via our landing page, we will use your details to send you this information.
- Data collected: Email address, name.
- Legal Basis: Article 6(1)(a) GDPR – the data subject has given consent.
- Right to Withdraw: You may unsubscribe at any time via the link provided in each email or by emailing us directly. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Retention: Until you withdraw your consent or unsubscribe.
3.3. Technical Analytics and Web Optimization (Legitimate Interest)
When you visit multibm.com, certain technical and analytical data is automatically logged to ensure website security, optimize performance, and analyze user behavior.
- Data collected: IP address, device type, browser type, operating system, time of access, and referral website.
- Legal Basis: Article 6(1)(f) GDPR – processing is necessary for the purposes of legitimate interests pursued by the controller (maintaining website security and improving user experience).
- Retention: Up to 12 months, unless required longer for security incident resolution.
4. Contractual Processing and Data Transfers
We do not sell, rent, or unauthorizedly disclose your personal data to third parties. To run our landing page efficiently, we share data with trusted data processors who operate strictly on our behalf under a written Data Processing Agreement (DPA):
- IT infrastructure and web hosting providers.
- Email distribution and marketing automation tools.
- Web analytics tools (e.g., Google Analytics).
International Data Transfers
We process data primarily within the European Economic Area (EEA). If any third-party tool transfers data outside the EEA (such as to the United States), such transfers are strictly secured using Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.
5. Cookies
Our website uses cookies to ensure basic functionality and to collect traffic statistics. Essential cookies are loaded automatically, while non-essential tracking/marketing cookies require your explicit consent via our cookie banner.
| Cookie Name | Purpose | Duration | Type |
__ssid | Maintains website session states | End of session | Essential |
| woocommerce* | Maintains online store cart | End of session | Essential |
| wp_woocommerce_session* | Maintains online store states | 2 days | Essential |
| PH_HPXY_CHECK | Prevents brute-force attacks | End of session | Essential |
_multibm_visit | Counts internal unique visitor sessions (statistics) | 30 minutes | Analytics |
cookie_consent | Remembers your preferred cookie banner settings | 1 year | Essential |
You can manage, block, or delete cookies at any time via your browser settings.
6. Data Security
We implement appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure. This includes utilizing SSL/TLS encryption across the entire website.
7. Your Rights Under the GDPR
As a data subject under the GDPR, you hold the following rights, which you can exercise free of charge by contacting us at info@multibm.com:
- Right of Access (Art. 15 GDPR): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
- Right to Erasure / “To be forgotten” (Art. 17 GDPR): Request the deletion of your data, provided no overriding legal obligation requires its retention.
- Right to Restriction of Processing (Art. 18 GDPR): Limit how we process your data under specific conditions.
- Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21 GDPR): Object to processing based on our legitimate interests (including direct marketing).
We will respond to your request without undue delay and at the latest within one month.
Right to Lodge a Complaint
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or the place of the alleged infringement.