GstarCAD
Legal

Privacy Policy

Last Updated: March 19, 2026 Effective: March 19, 2026

E-DISTI d.o.o. (“E-DISTI”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to your data when you use our website and services.

This policy applies to all visitors, customers, and users of the website operated by E-DISTI for the sale and promotion of GstarCAD software products.

Important

By using our website, creating an account, submitting a form, or placing an order, you acknowledge that you have read and understood this Privacy Policy. We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Slovenian Personal Data Protection Act (ZVOP-2).

1. Data Controller

The data controller responsible for your personal data is:

E-DISTI d.o.o.
Litijska cesta 259, 1261 Ljubljana, Slovenia
VAT ID: SI72537094
Registration Number: 3792234000
Email: info@gstarcad.si

For any questions or requests regarding your personal data, you may contact us at the email address above.

2. Personal Data We Collect

2.1 Data you provide directly

We collect personal data that you voluntarily provide when using our website:

  • Account registration: name, email address, and password
  • Purchases: billing name, company name, address, email address, phone number, VAT ID (if applicable), and order details
  • Contact form: name, email address, phone number, company name, and the content of your message
  • Demo request form: name, email address, phone number, company name, job title, intended use type, and any additional details you provide
  • Support requests: name, email address, license or order details, and the content of your inquiry

2.2 Data collected automatically

When you visit our website, certain technical data is collected automatically:

  • Device and browser information: browser type and version, operating system, screen resolution, and device type
  • Usage data: pages visited, time spent on pages, referring URL, and navigation paths
  • Network data: IP address and approximate geographic location derived from IP
  • Cookies and similar technologies: as described in our Cookie Policy

2.3 Data from third parties

We may receive limited data from third-party services used to process your transactions, such as payment confirmation status from Stripe or PayPal. We do not receive or store your full payment card details.

3. Purposes and Legal Bases for Processing

We process your personal data only when we have a valid legal basis under Article 6 of the GDPR. The table below summarises our processing activities:

3.1 Performance of a contract (Art. 6(1)(b))

  • Processing and fulfilling your orders, including delivering license keys and download links
  • Creating and managing your user account
  • Processing payments through our payment providers
  • Providing purchased support services
  • Communicating with you about your orders, licenses, or support requests

3.2 Legitimate interest (Art. 6(1)(f))

  • Responding to inquiries submitted via contact and demo request forms
  • Managing customer relationships through our CRM system
  • Improving our website, products, and services based on aggregated usage data
  • Protecting against fraud, abuse, and security threats
  • Maintaining internal business records and analytics

3.3 Legal obligation (Art. 6(1)(c))

  • Retaining invoicing and transaction records as required by Slovenian tax and accounting law
  • Responding to lawful requests from regulatory authorities

3.4 Consent (Art. 6(1)(a))

  • Sending marketing communications, newsletters, or promotional offers (only when you have explicitly opted in)
  • Setting non-essential cookies as described in our Cookie Policy

You may withdraw your consent at any time by clicking the unsubscribe link in any marketing email or by contacting us at info@gstarcad.si. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

4. How We Share Your Data

We do not sell your personal data. We share data only with trusted third-party service providers who process it on our behalf or as necessary to deliver our services:

4.1 Payment processors

  • Stripe, Inc. — processes credit and debit card payments. Stripe acts as an independent data controller for payment data. Stripe Privacy Policy
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. — processes PayPal payments. PayPal Privacy Policy

4.2 Customer communication and management

  • Brevo (Sendinblue) — used for transactional emails (order confirmations, license delivery) and, where you have consented, marketing communications. Data processed: name, email address, and interaction history. Brevo Privacy Policy
  • Intrix CRM — used for managing customer relationships, inquiries, and demo requests. Data processed: name, email, phone, company, and inquiry details. Intrix Privacy Policy

4.3 Hosting and infrastructure

Our website is hosted on servers located within the European Union. We use industry-standard hosting providers that maintain appropriate technical and organisational security measures.

4.4 Legal requirements

We may disclose your data if required by law, court order, or regulatory authority, or if disclosure is reasonably necessary to protect the rights, property, or safety of E-DISTI, our customers, or the public.

5. International Data Transfers

Where possible, your data is processed within the European Economic Area (EEA). Some of our service providers (such as Stripe and PayPal) may transfer data outside the EEA. In such cases, we ensure that appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The service provider’s certification under an applicable framework

You may request information about the specific safeguards applied to transfers of your data by contacting us.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law:

  • Account data: retained for the lifetime of your account and deleted within 30 days of account deletion, unless retention is required by law
  • Order and transaction records: retained for a minimum of 10 years from the date of the transaction, as required by Slovenian tax and accounting legislation
  • Contact and demo request data: retained for up to 2 years from the date of the last interaction, or until you request deletion
  • Marketing data: retained until you withdraw consent or unsubscribe
  • Automatically collected data: aggregated analytics data is retained indefinitely; raw data containing IP addresses is retained for up to 26 months

When data is no longer needed, it is securely deleted or anonymised so that it can no longer be linked to you.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at info@gstarcad.si.

  • Right of access — you may request a copy of the personal data we hold about you
  • Right to rectification — you may request correction of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”) — you may request deletion of your data, subject to legal retention obligations
  • Right to restriction of processing — you may request that we limit how we use your data in certain circumstances
  • Right to data portability — you may request your data in a structured, commonly used, machine-readable format
  • Right to object — you may object to processing based on legitimate interest, including profiling and direct marketing
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
  • Right to lodge a complaint — you have the right to file a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec) at www.ip-rs.si

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • Secure password hashing for user accounts
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security updates and monitoring of our systems

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you become aware of a security vulnerability or breach, please contact us immediately.

9. Cookies

Our website uses cookies and similar technologies to ensure proper functionality, analyse usage, and improve your experience. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

10. Children’s Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a person under 18, we will take prompt steps to delete it. If you believe a child has provided us with personal data, please contact us immediately.

11. Third-Party Links

Our website may contain links to third-party websites and services. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party websites, and we encourage you to review their privacy policies before providing any personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Changes will be posted on this page with an updated “Last Updated” date.

Material changes — such as new categories of data processing or new data sharing arrangements — will be communicated to registered users via email before taking effect. Your continued use of the website after changes are posted constitutes acceptance of the revised policy.

13. Contact

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a concern about how we handle your data, please contact us:

E-DISTI d.o.o.
Litijska cesta 259, 1261 Ljubljana, Slovenia
Email: info@gstarcad.si
VAT ID: SI72537094

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner of the Republic of Slovenia
(Informacijski pooblaščenec)
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Website: www.ip-rs.si

© 2026 E-DISTI d.o.o. All rights reserved.

Ready to switch to GstarCAD?

Get personalized advice on licensing, migration, and deployment for your business.

5.0

Trusted by professionals worldwide
Contact us Buy now

No obligation — reply within 24h

Your Cart

Subtotal

Price does not include local taxes or duties.

Proceed to Checkout

We value your privacy

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. Read our Cookies Policy.

Cookie preferences

Choose which cookies you want to allow. Essential and payment cookies cannot be disabled as they are required for the site to function.

Essential

Required

Core functionality including authentication, shopping cart, and language preferences.

Payment

Required

Required for processing payments securely through Stripe and PayPal.

Analytics

Help us understand how visitors interact with our site to improve the experience.

Marketing

Used to deliver relevant advertisements and measure campaign performance.

Functional

Order attribution and traffic source tracking to help us understand how customers find our store.