top of page

ONE LAST MUCH Zatvaramo se na pauzu — sve mora otići!

PRIVACY POLICY

INFORMATION ON DATA PROCESSING FOR THE PURPOSE OF ORDERING PRODUCTS AND CONCLUSION OF A SALES AGREEMENT, PURCHASE AND DELIVERY OF PRODUCTS

1. General Information About the Data Controller

The Data Controller of your personal data is:
LNA, obrt za usluge i proizvodnju
Owner: Leila Nanuk
Address: Frankopanska ulica 17, 10000 Zagreb, Croatia
E-mail: info@neksi.eu

In its business operations, the Data Controller processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable laws of the Republic of Croatia.
 

2. Contact for Personal Data Protection

For all questions related to the processing of personal data, exercising your rights, or submitting a request, you may contact us at:
info@neksi.eu
 

3. Purpose and Legal Basis for Collecting Personal Data

a) Processing product orders and concluding a sales contract
To enable ordering, purchasing, payment, and delivery of purchased items.

b) Customer communication
Responding to inquiries, customer support, and handling complaints.

c) Informing customers about updates (newsletter)
Only if the user voluntarily provides consent.

d) Cookies and analytics
For website functionality, traffic statistics, and improving user experience.

e) Compliance with legal obligations
Issuing and retaining invoices, bookkeeping requirements, tax regulations.
 

4. Categories of Personal Data Processed

Depending on your interaction with our web shop, we may process:

• Name and surname

• Email address

• Delivery address (street, number, city, postal code, country)

• Phone number (optional)

• Billing address (if different from delivery address)

• Order, payment, and purchase status data

• IP address and website usage data (via cookies)


5. Use and Processing of Personal Data

We use personal data solely to:

• process your order and carry out delivery

• communicate with you regarding your purchase

• issue invoices in accordance with legal obligations

• send newsletters when consent is given

• maintain website security and functionality
 

We do not use automated decision-making or profiling that produces legal effects.


6. Sharing Your Personal Data

Your personal data may be shared with:

• delivery service providers (e.g., HP, GLS, DPD)

• accounting service providers

• IT and hosting service providers

• government authorities when legally required
 

All third-party service providers are contractually obligated to comply with GDPR.
Personal data is not transferred outside the EU/EEA, except when using digital tools with appropriate protection mechanisms (such as EU Standard Contractual Clauses).


8. Retention of Personal Data

We retain personal data for the shortest period necessary, depending on purpose and legal obligations:

• data related to purchases and invoicing: as required by law

• data needed for contract execution: until the order is fulfilled

• newsletter consent: until consent is withdrawn

• technical cookies: according to cookie duration
 

When retention periods expire, data is deleted or anonymized.


9. Cookies

The website uses cookies for:

• cart and ordering system functionality

• analytics

• improving user experience
 

A cookie banner appears on first visit, allowing users to accept or decline non-essential cookies.
Users can adjust cookie settings at any time.


10. Data Security

We implement technical and organizational measures to protect your personal data from:

• unauthorized access

• loss

• alteration

• disclosure


Access to personal data is limited to persons who need it to perform their work tasks.


11. Your Rights

You generally have the following rights:

• Right to information about data processing

• Right of access to personal data

• Right to rectification

• Right to erasure

• Right to restriction of processing

• Right to data portability

• Right to object to processing

• Right to object to automated decision-making, including profiling

• Right to lodge a complaint with a supervisory authority (see section 12)

• Right to an effective judicial remedy against a supervisory authority, controller, or processor

• Right to compensation
 

You may exercise your rights in writing, sent to the Data Controller with the subject line “For the Data Protection Officer” at info@neksi.eu.


The right of access to personal data may be exercised only by appearing in person at the business address of the Data Controller, with prior notice via email, and by presenting a valid identification document (ID card, passport, etc.).


12. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint regarding the processing of your personal data with the competent supervisory authority, the Croatian Personal Data Protection Agency (AZOP), in accordance with GDPR and applicable Croatian data protection legislation.
 

Note: All gendered terms used in this text apply equally to all genders, regardless of grammatical form.
 

Last updated: 30 November 2025.

bottom of page