Open Daily 9:30–16:00, Weekend : Closed

Privacy Policy

1. Introduction and Contact Details of the Responsible Party

1.1

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2

The responsible party for data processing on this website in terms of the General Data Protection Regulation (GDPR) is ZanaSuArt, Suzana Horvatic, Mirnovečka ulica 6, 10430 Mama Rakovica, Samobor. Email: info@zanasuart.com. The responsible party for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the responsible party). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

2. Data Collection When Visiting Our Website

When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website:

  • Our visited website
  • Date and time at the moment of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Used browser
  • Used operating system
  • Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to retrospectively check the server log files if there are specific indications of illegal use.

3. Cookies

To make the visit to our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain on your device longer and allow us to save page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of cookie settings in your web browser.

If personal data is also processed by individual cookies we use, the processing is carried out either for the execution of the contract in accordance with Art. 6(1)(b) GDPR, in the case of a given consent in accordance with Art. 6(1)(a) GDPR, or based on our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit in accordance with Art. 6(1)(f) GDPR.

You can set your browser to inform you about the setting of cookies and decide individually on their acceptance or to exclude the acceptance of cookies for certain cases or in general. Please note that if you do not accept cookies, the functionality of our website may be restricted.

4. Contacting Us

When contacting us (e.g., via contact form or email), personal data is processed solely for the purpose of handling and answering your inquiry and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in answering your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact aims at a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no statutory retention obligations.

5. Data Processing for Order Handling

5.1

If necessary for the fulfillment of the contract for delivery and payment purposes, the personal data collected by us will be forwarded to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data provided by you at the time of the order (name, address, email address) to personally inform you within our statutory information obligations in accordance with Art. 6(1)(c) GDPR through an appropriate communication channel (e.g., by mail or email) about upcoming updates within the legally stipulated period. Your contact data will be used strictly for the purpose of notifying you about owed updates and processed for this purpose only to the extent necessary.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers according to the following information.

5.2 Use of Payment Service Providers (Payment Services)

PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you choose a payment method from the provider where you make an advance payment (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be forwarded to the provider in accordance with Art. 6(1)(b) GDPR. The data transfer occurs solely for the purpose of payment processing and only to the extent necessary.

If you choose a payment method where the provider makes an advance payment (e.g., invoice or installment purchase or direct debit), you will be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative payment method) during the order process.

To safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6(1)(f) GDPR. The provider checks based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you selected can be granted in terms of payment and/or default risks.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other data, address data is included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

6. Rights of the Data Subject

6.1

The applicable data protection law grants you the following data subject rights with respect to the responsible party regarding the processing of your personal data (rights of information and intervention), whereby reference is made to the cited legal basis for the respective exercise conditions:

  • Right to information according to Art. 15 GDPR;
  • Right to rectification according to Art. 16 GDPR;
  • Right to deletion according to Art. 17 GDPR;
  • Right to restriction of processing according to Art. 18 GDPR;
  • Right to notification according to Art. 19 GDPR;
  • Right to data portability according to Art. 20 GDPR;
  • Right to revoke given consents according to Art. 7(3) GDPR;
  • Right to complain according to Art. 77 GDPR.

6.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR PREDOMINANT LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

7. Duration of Storage of Personal Data

The duration of the storage of personal data is determined based on the respective legal basis, the processing purpose, and – if applicable – additionally based on the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on an explicit consent according to Art. 6(1)(a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed within the scope of legal or similar obligations based on Art. 6(1)(b) GDPR, these data will be routinely deleted after the retention periods have expired, provided they are no longer required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part for further storage.

When processing personal data based on Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object according to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for the purpose of direct advertising based on Art. 6(1)(f) GDPR, these data will be stored until you exercise your right to object according to Art. 21(2) GDPR.

Unless otherwise indicated in the specific information of this declaration regarding specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.