Company EATAR RJEŠENJA J.D.O.O. (hereinafter: EATAR or “we”), the operator of the online store, declares that all personal data (hereinafter: “data”) are considered strictly confidential and treated in accordance with the applicable legal provisions in the field of personal data protection.

The security of your personal data is our priority. Therefore, we pay special attention to personal data and their protection. In these Principles of Personal Data Processing (hereinafter: “Principles”) you will find information about which personal data we collect, on which legal basis we process it, what we use it for, how long we keep it and to whom we can hand it over. In the Principles, we will also inform you about your rights related to the processing of your personal data.

1. What personal data do we process?

If you use our e-commerce services, we process different types of your data.

1.1. If you are buying

The most common data you provide to us is data from the form for ordering products or other services on our websites. First of all, it is about data that is necessary for concluding and fulfilling the sales contract.

We need this data to fulfill your order, and we can divide it into:

Identification data, by which we mean first and last name and, in case of purchase on the company’s account, OIB and VAT ID number;

Contact information, which includes e-mail address, postal address, billing address, telephone number, bank information and payment information;

Data generated on the basis of the duration of the contract, which refer to the purchased products, the scope of the services provided and the user segment.

1.2. If you are a recipient of marketing messages

You may receive marketing messages related to the products you have purchased from us. You can always opt out of receiving these messages by using the unsubscribe link or by contacting the source from which you received the marketing message, which is located at the bottom of each e-mail with a marketing message or message from another source. Unsubscribing from marketing messages is free.

If you are a registered user, you can also receive marketing messages via SMS messages or push notifications in our mobile application. You can also receive push notifications with marketing messages via Facebook or Messenger. This processing is regulated by the Principles of Personal Data Processing given by the social network. You can also unsubscribe from these channels at any time.

If you are the recipient of the mentioned messages, we process the following data:

Identification data, i.e. name;

Contact information, which enables us to communicate with you, i.e. e-mail address, telephone number;

Demographic information, derived from your settings and behavior on the web, such as information about gender and preferred language.

1.3. If you visit our websites or create content on them

If you visit our websites, for the duration of your visit we will collect various information about you, such as your IP address, browser settings and preferred language, the websites visited and the duration of your visit. We will also track your movement on the website and which links you open, so that we can adapt the displayed content to your needs and offer you products and content that you will like.

When you visit our websites, we will save and then read cookie files in the internet browser and device you are using. A special chapter of these Principles is dedicated to them.

In addition to cookies, we also process data about your web behavior, IP address and data from your browser, such as the resolution and operating system of your device, including system version and language settings.

We may also connect you to social networks, including automatically logging into your account on a given social network. For linking on our websites, specifically in the case of blog posts, we use the so-called social plugins, thanks to which you can share the specified content on your profile via the sharing field. Once connected, personalized offers and targeted advertisements with links to our websites may appear on your social networks and other websites.

Our websites may contain links to other websites that we think you may like or contain useful information for you. Therefore, we would like to warn you that these pages may be owned or managed by other companies and organizations, which process data according to their own principles of security and protection of personal data. Our company has no control over this processing and bears no responsibility for any information, material, products or services contained or available through these websites.

1.4. If you contact us via the customer line or social networks

If you decide to contact our customer service by phone or e-mail, we process the records of the e-mail communication.

If you contact us regarding your request through our page or profile on selected social networks, the processing of your personal data is carried out exclusively according to the Principles of Personal Data Processing of the company that manages the social network in question.

1.5. If you visit one of our business premises

We install camera systems in our stores and other premises to protect our legitimate interests and our property and yours. If you visit our store, we will process videos in which you may be recorded. The areas where the cameras are located are always properly marked with warning signs.

2. For what purpose do we process your personal data?

2.1. Purchase of goods and services

We usually process your personal data for the purpose of fulfilling the sales contract, in order to successfully process and deliver your order, sent via our website, mobile application or customer line. The e-mail address and phone number are used to send confirmation of the order, confirmation of receipt of payment, electronic invoice, as well as for occasional information about the status of your order and other communication concerning your order.

2.2. Marketing offers

We send you marketing messages related to products similar to those you have purchased. You can opt out of receiving these messages at any time by using the unsubscribe link at the bottom of each e-mail with this type of message. If you are a registered user, we also send you marketing messages via SMS messages and push notifications in our mobile application. You can also receive push notifications with marketing messages via Facebook and Messenger. The processing of this data is regulated by the Principles of personal data processing of the given social network. If you unsubscribe from receiving marketing messages, we will no longer use your electronic contact for this purpose. Unsubscribing from marketing messages is free.

2.3. Customizing and creating content, improving the performance of websites

We want to tailor our content to you and recommend products that will interest you. Therefore, we use the collection of personal data to personalize the content and offers on our websites. The marketing offers displayed may be selected based on the following information, which we have collected about you over time through contact and demographic information, favorite products and other data related to the use of our websites. We do not perform fully automated processing that would have legal effects for you.

We process data about your behavior on our websites, which enables us to obtain information on the basis of which we can continuously improve your user experience on our websites. We may also process your personal data for the production of various statistics, such as tracking visits or measuring the effectiveness of advertising, as well as for testing new functionalities of our websites and mobile applications. Information about your behavior on the web is also important for preventing any form of attack on our websites.

You too can create a certain type of content on our web pages. If you decide to write a review for the purchased product, we process your data for the purpose of processing and displaying your evaluation. If you join the discussion and write a comment below a post on our blog, we will process your personal data in order to process and display your comment.

2.4. Customer support and communication

We strive to constantly improve the services provided by our customer service center. In order to respond to your inquiries as quickly as possible and provide this service, we need your personal data to successfully process your requests and eliminate any difficulties associated with the fulfillment of the sales contract. If you contact us by phone, we will, after prior warning, record the conversation in order to increase the quality of our services.

We also use the collected personal data so that we can tailor the communication to you. So, for example, we may contact you by phone, email, mobile app or other channel to remind you that you have items in your shopping cart or to help you complete your order. We will also contact you for the purpose of informing you about the current status of your request, order or complaint, or in case of need for additional information. We can also warn you about the need to carry out activities necessary to keep your user account active.

2.5. Videos

We install cameras in our stores and other areas to protect our legitimate interests and to protect our property and yours.

2.6. Evaluating satisfaction on rating sites

In connection with the purchase, you can also receive a satisfaction rating request via the selected rating page. In this case, the purpose of data processing is to obtain information about customer satisfaction.

2.7. Examination of users and organization of actions

If you participate in the user testing program we offer, we will process your personal data for the purpose of testing new or existing functionality of our systems.

When participating in an event that we are the organizers of, we process your personal data for the purpose of planning, conducting and evaluating the event.

2.8. Improvement of services

We use your personal data to continuously improve our services and systems, which includes adding new functionalities. We also process personal data for the purpose of making informed decisions, with the help of collective analyzes and business intelligence, based on our justified interest, which stems from the freedom of entrepreneurship and is based on the necessity of improving the services provided for the sake of success in economic competition. In order to adequately protect your rights and interests, the personal data we use for this purpose is anonymous to the greatest extent possible.

2.9. Protection, security and dispute resolution

We may also process your personal data for the purpose of ensuring the protection and security of our customers and systems, exercising our rights and legal requirements, detecting and preventing fraud, resolving disputes and implementing agreements. In addition, we may process personal data for the purpose of possible controls by public authorities.

3. On what legal basis do we process personal data?

We process personal data to different extents and for different purposes, which we describe in detail in the upper part of articles 1 and 2, as follows:

a) Without your consent, on the basis of contract fulfillment, fulfillment of legal obligations or our legitimate interests;

b) Based on your consent

The methods of processing that we can carry out without your consent derive from the purpose of the processing and the position from which you act towards us – whether you are just a visitor to our websites, our customer or a registered user. Your personal data may also be processed if you are the recipient of ordered goods or services, if you communicate with us or if you visit our store.

3.1. Fulfillment of the sales contract

If you buy from us, that is, if you send an order, a proposal for concluding a sales contract will be created, which was concluded by receiving a proposal in the form of sending the ordered goods. In order to be able to successfully fulfill this purchase agreement, or any other agreement regarding our products and services, we need a large part of your personal information requested through the order form. The exact data we process in this case are listed in article 1, paragraphs 1 and 5.

3.2. Fulfillment of legal obligations

We also have to fulfill certain obligations established by valid legal regulations. If we process your personal data based on the fulfillment of these obligations, we do not need to ask for your consent for this processing. On this legal basis, we process your identification and contact information and information about your orders. The data we process in this case are listed in Article 1, Paragraph 1.

3.3. Constraint

For the purpose of sending marketing messages via e-mail, we may process your personal data based on the consent you have given us. You can withdraw your consent at any time and unsubscribe from receiving marketing messages. The data we process in this case are listed in Article 1, Paragraph 3.

We will also ask for your consent if you plan to publish a review for purchased products, a comment on a blog or if you want to activate the availability alert function, participate in a user survey or some other action. And in these cases, you can withdraw your consent at any time. The data we process in this case are listed in article 1, paragraphs 4, 7 and 10.

3.4. Legitimate interest

We also process your personal data on the basis of legitimate interest for the purpose of improving and adjusting the offered services, checking your satisfaction with the order placed, and more effectively promoting the offered products and services. This is the data specified in Article 1, paragraphs 4 and 5.

Based on legitimate interest, which includes direct marketing, we may send you marketing messages related to products similar to those you have purchased from us, but only if you do not object to this method of processing. Our legitimate interest is the protection of legal claims, internal records and control of the correct provision of our services. In this case, we process all categories of personal data listed in Article 1.

Our legitimate interest also lies in sending a request for evaluation of a purchase made via the selected evaluation site or evaluation of our consumer sweepstakes. The data we process in this case are listed in article 1, paragraphs 8 and 9.

The processing of your personal data based on our legitimate interest is also carried out in the event of a visit to our stores, which are equipped with surveillance cameras to protect property. You can object to this method of processing at any time. The data we process in this case are listed in Article 1, paragraph 6.

4. To whom do we forward your personal data?

In most cases, we process your personal data for our own purposes as personal data processors, which means that we determine the above-mentioned purposes for collecting your personal data, determine the means of processing and the proper processing procedure.

We pass on your personal data to our partners only in the event that this is necessary for the fulfillment of the purchase contract, for example for the execution of payment or delivery, on the basis of legitimate interest or if you have previously given your consent to the transfer of data.

We forward your personal data to our processors, who, of course, comply with all legal requirements for the protection of personal data. These processors process personal data according to our instructions. Your rights are not in any way threatened by this processing. With your consent, we may also share your personal data with social networks or marketing tool managers to display targeted advertisements on other websites.

4.1. Recipient categories

We may transfer your personal data to the following entities:

To companies and executors of processing based on the fulfillment of a sales contract or for the execution of internal processes and procedures;

Companies that provide payment services, for the purpose of processing payments based on your order, i.e. fulfilling the purchase contract;

To carriers, for the purpose of delivering ordered products or services and resolving complaints, including withdrawal from the sales contract;

To suppliers of goods or service centers, in connection with complaints about the goods and services you have ordered;

Partners who distribute marketing messages and have an obligation to keep confidential data, so that they may not use your personal data for any other purpose;

Managers of marketing tools, which help us personalize the offer and content;

Social networks, if you use them to communicate with us or share content using social plugins;

Providers of tools for communication with customer service or possibly external call centers;

Partners who conduct customer satisfaction surveys;

Technology suppliers and cloud service providers;

To legal or financial representatives, courts, for the purpose of processing tax documents, collection of claims or other reasons arising from the fulfillment of our legal obligations;

To public bodies, in case of need to exercise our rights (e.g. to the police).

If third parties use your personal data within their own legitimate interests, we are not responsible for this processing. Any possible processing of this type is regulated exclusively by the Principles of personal data processing of the respective companies and individuals.

4.2. Transfer of data outside the EU

When submitting your personal data to our processors, in some cases we may also submit personal data to third countries that are not members of the European Union and do not provide an adequate level of personal data protection. We will carry out the transfer only if our processor undertakes to comply with the standard contractual provisions issued by the European Commission, which are available here.

5. How long do we process personal data and how are they protected?

5.1. Working time

We primarily process your personal data for the duration of our contractual relationship, i.e. the sales contract. We are obliged to process personal data that is necessary for the fulfillment of our obligations, whether it is an obligation arising from a mutually concluded contract or from generally binding legal regulations, as long as it is required of us by the relevant legal regulations and in accordance with them. For example, in the case of accounting documents, as data processors, we are obliged to keep information about you for at least 10 years from the date of issue.

We primarily process your personal data during the duration of the contractual relationship. In addition, we process personal data during the period necessary for the correct fulfillment of all our obligations arising from the concluded contract and generally binding legal regulations. For example, in the case of accounting documents, we are required to keep information about you for at least 10 years.

In order to fulfill your requests and provide customers with quality service, we process your personal data from the conclusion of our contractual relationship, including 1 year from the expiration of the warranty period for purchased products, for the purpose of resolving possible disputes.

If you communicate with us through our customer support, we will keep your personal data from the communication for 2 years

If you give us your consent to send marketing messages, it is valid for a period of 4 years or until you withdraw your consent. Likewise, if you give us your consent to inform you about the availability of the product, the consent is valid until the moment of sending the notification of availability, and for a maximum of 1 year or until the consent is withdrawn. The consent you gave us by sending a product review is valid for 6 years or until the consent is withdrawn. If you create content as part of posts on our blog, the consent you gave us by submitting a comment is valid for 2 years or until the consent is withdrawn. If you decide to participate in a user survey or other campaign organized by us and you give us your consent, we process your personal data for a period of 1 year or until you withdraw your consent, including potential videos or audiovisual recordings.

In case of participation in a prize game organized by us, we will process your personal data for 1 year. If you visit our store or other premises and the area around them, we process the videos from the cameras for a period of 90 days after the record is created.

In other cases, the processing time of your personal data results from the processing purpose, which is given by binding legal regulations in the field of personal data protection. After the expiration of the established processing terms, your personal data is automatically deleted.

5.2. Insurance

Collected and processed personal data comes to us in coded form. We use the SSL (“secure socket layer”) encryption system for transmission. This system ensures the protection of your personal data during communication between your browser and our server. Our websites and other systems we work with are secured by appropriate technical and organizational measures against the loss and destruction of your personal data, as well as against access, modification or distribution of your personal data by unauthorized persons.

We are constantly improving security measures, and we also ask our data processors for evidence of compliance of their systems with the GDPR.

If you register, access to your user account is possible only after entering a password that you have chosen yourself. We do not have access to your password, since we store it in an encrypted form that we cannot decipher.

However, we would like to warn you that it is necessary not to give your login information to third parties. When you are finished with your user account activity, we recommend that you log out, especially if you share your device with other users. We do not assume responsibility for misuse of your password, unless we have directly caused the situation.

6. How do we use cookie files?

We use cookie files for the proper functioning of our website and to make our offer relevant, interesting and user-friendly for you. To use cookies, we need support from the Internet browser you are using. Our websites also function without cookies, but to a very limited extent and without the possibility of using some basic functions.

Cookies are standard tools for saving information about the use of websites.

Cookies are small text files that are automatically created whenever you visit a website, and are stored in the browser you use on your computer, smartphone or other device. Thanks to some cookies, we can link your activities on our websites until the moment you close your browser. By closing the browser window, these cookies are automatically deleted.

Other cookies remain in your browser for a certain period of time and are reactivated whenever you visit our website. In addition to cookies, we also use the so-called tracking pixels, small, for ordinary users invisible images, which function in a similar way as cookies. The storage time of cookies on your browser or device depends on the cookie settings and on the settings of your browser. We store data obtained from cookie files for a maximum of 1 year.

6.1. What cookies do we use?

The cookie files we use on our websites can be divided into 2 basic types:

Temporary, so-called “session cookies”, which are deleted as soon as you leave our website;

Permanent, so-called “persistent cookies”, which remain in your browser or device for a certain time or until you manually remove them.

With regard to functionality, cookie files can be divided into:

Essential, i.e. technical and functional cookies, which are important for the basic functioning of websites. Without them, you wouldn’t be able to add products to your cart, send an order, or log in to your account.

Analytical cookies, which help us improve your user experience on our websites by telling us how you use our pages. They also enable us to analyze the performance of different sales channels.

We use remarketing cookies to personalize the content of advertisements and target them as best as possible.

Among other things, we use the above cookie files in practice for the following:

Proper functioning of the shopping cart, so that you can complete your order as quickly and simply as possible.

Saving your login details so you don’t have to re-enter them every time.

To better adapt our websites to your requirements by monitoring visits, your behavior on the website and the functions you use.

Getting information about which ads you open, so that in the future we don’t show you ads for products you’re not interested in.

Some cookie files may collect information that is then used by a third party and that, for example, directly supports our advertising activities (so-called “third-party cookies”). For example, the advertising agency can display information about the products you have purchased on our web pages within the framework of the display and adjustment of advertising banners on the web pages displayed by you. However, these cookies are available to third parties in an anonymous form and it is not possible to identify you based on this data.

6.2. How to limit the effect of cookies?

The settings for the use of cookie files are part of the Internet browser you are using, with the default settings of most browsers automatically supporting cookies. You can reject cookie files completely or limit them to the types you have chosen yourself via your browser. Please note that in this way you may limit the functioning of our websites and you will not be able to use the full range of functions we offer, including the function of logging into your user account.

If you wish, you can use the browser’s anonymous mode, which, although it does not prevent the use of cookies completely, makes them more anonymous and does not store the history of visiting websites.

You will find information about pre-selected settings for the use of cookies at the links below or in the documentation of your internet browser:

Chrome

Firefox

Internet Explorer

Android

iPhone and iPad

You can also find an effective cookie management tool at https://www.youronlinechoices.com/cz/.

7. What are your rights and how can you exercise them?

Just as we have our rights and obligations that we must respect when processing your personal data, you also have certain rights that you can exercise. These rights include:

7.1. Right of access

You have the right to request free information about the processing of your personal data – what data about you we process, for what purpose and for how long, where we get data about you and to whom we hand it over. As part of the right of access, you can also request us to send you processed data in a structured, machine-readable format. We will be happy to create a copy of the data for you after verifying your identity. For the aforementioned, send a request to the e-mail address of the Commissioner for Personal Data Protection (hereinafter: “Commissioner”) info.eatar@gmail.com.

7.2. Right to rectification

If you discover that the processed personal data is not correct or complete, you have the right to request its correction. We will correct or supplement your data without undue delay. It is enough to send a request to the Commissioner’s e-mail address info.eatar@gmail.com

7.3. Right to erasure

In some cases, you can use the right to delete personal data that we process. We will delete or anonymize your personal data without undue delay. This does not apply to personal data that we need to fulfill our legal obligations and that are required to be kept by legal regulations (e.g. the execution of an order already submitted) or to protect our legitimate interests. Your personal data will be deleted even if we no longer need them or if their storage becomes illegal for other, legally established reasons. You can request the deletion of personal data from the Commissioner via the e-mail address info.eatar@gmail.com

7.4. The right to restriction of processing

In some cases, you can use the right to limit the processing of personal data that we process. You can request that selected personal data not be subject to further processing for a certain period of time. You can request the restriction of personal data processing from the Commissioner via the e-mail address info.eatar@gmail.com

7.5. Right to portability

You have the right to receive from us all personal data that you have given us and which we process based on your consent. We will send you personal data in a structured, machine-readable format. We will be happy to generate the data for you in the specified format, it is enough to send a request to the commissioner’s e-mail address info.eatar@gmail.com

7.6. The right to object

You have the right to object to the processing of personal data by us based on our legitimate interest. If processing is for marketing purposes, we will stop processing personal data without undue delay. In other cases, we will do so after reconsidering our legitimate interests and your rights and reasons. You can object to the processing of personal data by sending a request to the e-mail address info.eatar@gmail.com

7.7. Right to appeal

Exercising the above-mentioned rights and procedures in no way limits your right to appeal to the responsible supervisory authority. You can use this right especially when you believe that we are processing your data without authorization or in violation of generally binding legal regulations. The subject for resolving customer complaints is the Personal Data Protection Agency, with headquarters at Martićeva 14, 10000 Zagreb.

8. Contact us

In case you have any question, comment and request regarding these Principles and the processing of your personal data, you can contact the Commissioner for Personal Data Protection at any time, who can be contacted via the e-mail address info.eatar@gmail.com. Your request will be processed without undue delay, and within 30 days at the latest. In exceptional cases, especially considering the complexity of your request, we are authorized to extend this deadline by another two months. You will be notified of the extension and the reason for the extension.

You can, without hesitation, contact us at our address and customer line, listed at the end of these Principles.

Contact: EATAR RJEŠENJA J.D.O.O.

LJUDEVITA POSAVSKOG 36B

10000 ZAGREB

Email: info.eatar@gmail.com

Phone: +385 92 404 6792

9. Entry into force

These Personal Data Protection Principles come into force on January 1, 2020