Privacy policy

PRIVACY POLICY

1. Data Controller

Planfeed d.o.o.
Donji Brinjani 44
44320 Brinjani (City of Kutina)
Croatia
VAT ID (OIB): 68541664749
Email: planfeedo@gmail.com
Phone: +385 99 285 35 45

Planfeed d.o.o. is the controller of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. What Data We Collect

A) Data You Provide When Purchasing or Registering:

  • First and last name

  • Email address

  • Phone number

  • Shipping address

  • Billing address

  • VAT ID (if applicable)

  • Account information (if you create an account)

B) Payment Information

Payments are processed via the Stripe payment system.

When paying by card, you provide:

  • First and last name

  • Card details

  • Billing address

Card details are not stored on our servers. They are processed by Stripe as a certified PCI DSS Level 1 payment provider.

Stripe processes personal data in accordance with its own privacy policy and security standards.

C) Automatically Collected Data

  • IP address

  • Device and browser type

  • Website usage data

  • Data collected via cookies

3. Purpose of Data Processing

We use your data for:

  • Processing and delivering orders

  • Issuing invoices

  • Communication related to your order

  • Handling complaints and returns

  • Compliance with legal obligations (accounting and tax regulations)

  • Fraud prevention

  • Marketing (only with your consent)

  • Improving website functionality

4. Legal Basis for Processing (GDPR Art. 6)

Data is processed on the basis of:

  • Performance of a contract (purchase of products)

  • Legal obligation (accounting, tax regulations)

  • Your consent (newsletter, marketing)

  • Legitimate interest (security, analytics)

5. Data Sharing

Personal data may be shared with:

  • Stripe (payment processing)

  • Delivery service providers

  • Accounting service providers

  • Shopify platform (hosting and technical support)

  • IT partners

All partners process personal data in accordance with GDPR.

6. Cookies

Our Website uses cookies and similar technologies (e.g., pixels, local storage) to ensure proper functioning of the webshop, analyze website usage, and, with your consent, display personalized advertisements.

We use the following types of cookies:

Necessary Cookies

These cookies are essential for the operation of the webshop (e.g., saving products in the cart, payment security, user login). Without them, the website cannot function properly.
Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

Analytical Cookies

These allow us to analyze website usage to improve functionality and user experience.
Legal basis: your consent (Art. 6(1)(a) GDPR).

Marketing Cookies

These are used to display personalized advertisements and for remarketing campaigns via third parties (e.g., Meta, Google).
Legal basis: your consent (Art. 6(1)(a) GDPR).

Non-essential cookies are set only after your explicit consent via the cookie banner.

You may withdraw or modify your consent at any time using the cookie management tool on our website or through your browser settings.

Please note that blocking certain cookies may affect the functionality of the webshop.

Some cookies are placed by third parties (e.g., Shopify, Stripe, analytics and advertising providers), who process data in accordance with their own privacy policies.

7. Data Retention Period

We retain personal data:

  • For 11 years (accounting records in accordance with Croatian law)

  • For as long as your customer account remains active

  • Until consent is withdrawn (marketing purposes)

  • As long as necessary to resolve disputes

8. Your Rights

You have the right to:

  • Access your data

  • Rectify inaccurate data

  • Erasure of data

  • Restriction of processing

  • Object to processing

  • Data portability

  • Withdraw consent

  • Lodge a complaint with the Croatian Data Protection Authority (AZOP)

To exercise your rights, please contact:
📧 planfeedo@gmail.com

9. Data Security

We implement appropriate technical and organizational measures, including:

  • SSL encryption

  • Shopify security protocols

  • Restricted access to personal data

10. International Data Transfers

Personal data may be processed outside the EU through Shopify and Stripe systems.

In such cases, Standard Contractual Clauses approved by the European Commission are applied.

11. Children

This website is not intended for individuals under the age of 16.

12. Changes to This Policy

We reserve the right to amend this Privacy Policy.

The updated version will be published on this page.