Privacy Policy

Privacy Policy

This Privacy Policy explains how STAŠA DESIGN, obrt za modni dizajn, vl. Staša Randall, Pula, Kolhiđanska ulica 5, Kolhiđanska ulica 5, PULA, 52100, Pula, Hrvatska, OIB 07094459232 (hereinafter: “Controller”, “we”, “us”) collects, uses, stores, and protects personal data.

For all privacy-related requests, please contact us at info@stasadesign.com.

1. Data We Collect

1.1 Data collected when visiting the website

When you browse our website, technical data may be collected automatically, such as IP address, browser type and version, device and operating system information, pages visited, access time, and referral source.

1.2 Cookies and similar technologies

We may use cookies and similar technologies to enable website functionality, improve user experience, and analyze website performance. You can control cookie preferences through your browser settings and cookie banner options where available.

1.3 Data provided when placing an order

When you place an order, we may collect: name and surname, delivery address, billing details, email address, phone number, ordered items, payment status, and communication related to delivery, returns, or complaints.

1.4 Data provided when contacting us

If you contact us by email or other channels, we process the contact data and message content required to respond to your request.

1.5 Newsletter and marketing communication

If you subscribe to marketing communication, we process your email address based on your consent. You can unsubscribe at any time.

2. Purposes and Legal Bases of Processing

2.1 Contract performance: processing necessary to process orders, deliver products, and provide customer support (GDPR Art. 6(1)(b)).

2.2 Legal obligations: processing required for accounting, tax, and other legal obligations (GDPR Art. 6(1)(c)).

2.3 Legitimate interests: website security, fraud prevention, internal analytics, and service improvement (GDPR Art. 6(1)(f)).

2.4 Consent: where required (e.g. newsletter), data is processed based on your consent, which may be withdrawn at any time (GDPR Art. 6(1)(a)).

3. Sharing of Personal Data

We may share personal data only when necessary and lawful, including with:

– delivery service providers;
– payment service providers;
– IT, hosting, and maintenance providers;
– professional advisers and competent authorities when required by law.

All processors are engaged under appropriate contractual safeguards and may process data only according to our instructions.

4. International Data Transfers

If personal data is transferred outside the EEA, we ensure appropriate safeguards in line with GDPR (e.g. adequacy decisions or Standard Contractual Clauses), where applicable.

5. Data Retention

We keep personal data only as long as necessary for the purpose for which it was collected and in accordance with legal retention obligations. Retention periods may vary depending on legal, accounting, and contractual requirements.

6. Data Subject Rights

Under GDPR, you may have the right to:

– access your personal data;
– rectify inaccurate data;
– erase data (“right to be forgotten”) where applicable;
– restrict processing;
– object to processing based on legitimate interest;
– data portability;
– withdraw consent at any time (where processing is based on consent);
– lodge a complaint with the competent supervisory authority.

You can exercise your rights by contacting us at info@stasadesign.com.

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

8. Third-Party Services and Links

Our website may contain links to third-party websites or use third-party services (e.g. payment or analytics tools). Their data processing is subject to their own privacy policies.

9. Policy Updates

We may update this Privacy Policy from time to time. The latest version is published on this page.

Last updated: 5 March 2026