privacy policy

This Privacy Policy informs you about the processing of your personal data that we collect when you visit our websites. In the collection and processing of this data, we act as a data controller in the sense that it is defined by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data, and on placing out of force of Directive 95/46/EC (General Data Protection Regulation) SL EU L119 – hereinafter: GDPR Regulation.

We only collect data that is necessary to achieve the purpose of processing, and we protect your data in an appropriate manner against misuse and loss.

Hereby we would like to inform you about what data we collect, for what purpose, what is the legal basis of processing, how long we keep it, about the use of cookies, how we protect your data, to whom we transfer your data and for what purpose, what your rights are and how you can exercise them achieve.

Links on our website may lead to websites that are not owned by us or under our control, so we advise you to inform yourself about data protection on such websites.

General Information
The organization Sretni ljudi, Ljudevita Gaja 25, 10410 Velika Gorica, Republic of Croatia, OIB: 40320212994, is responsible for the processing of personal data.

The contact information through which all information regarding the processing and use of personal data can be obtained are:
• via e-mail to: info@natalijapavlakovic.com
• you can do it by mail to the address: Ljudevita Gaja 25, 10410 Velika Gorica, Republic of Croatia

Processing of personal data
Association Sretni ljudi understands that your privacy is important, therefore it attaches great importance to the protection of personal data, and processes your personal data in accordance with the principles of the GDPR Regulation. This may include any information that may lead to you as an individual. Association Sretni ljudi processes your personal data that you entrusted to us during registration in the web shop, by signing up for the newsletter on our website www.natalijapavlakovic.com, through reviews of our services or by asking questions through the provided contact form.
We only collect data that is necessary to achieve the purpose of processing, and we protect your data in an appropriate manner against misuse and loss.

Web shop
For the purpose of executing the contract and performing the services we offer on our website, and depending on the type of service, we may collect the following personal data:
• Name and surname
• Mobile number
• Contact phone number
• E-mail address
• Information on the payment method
• Date of birth
• Place and country of birth
• Time of birth (if known)
The legal basis for the processing of personal data collected through the web shop is the realization of a contract in which the respondent is a party, or in order to take actions at the request of the respondent, in accordance with Article 6, paragraph 1. points b) of the GDPR Regulation.

Newsletter
The personal data that is collected by signing up for the newsletter are:
• Name and surname
• E-mail address
• Mobile number
Personal data collected through the registration for the newsletter are used exclusively for the delivery of the newsletter to the e-mail address entered in the registration by the user and are not used for other purposes. Signing up for newsletter delivery is not a condition for using the web shop.

By giving consent for the use of personal data when signing up for the marketing newsletter of the Association of Happy People, you give permission for the use and storage of personal data for marketing purposes until you withdraw your consent, that is, you unsubscribe from receiving the newsletter. You can withdraw your consent at any time as easily as you gave it without giving a reason by clicking on the link in the marketing newsletter. You can also revoke your consent by contacting us by e-mail at: info@natalijapavlakovic.com or by mail at the address: Udruga Sretni ludi, Ljudevita Gaja 25, 10410 Velika Gorica, Republic of Croatia.
Upon revocation of consent, we will no longer use your data for marketing purposes and you will no longer receive the newsletter.
The legal basis for the processing of personal data is your consent to inform you about our products and services, in accordance with Article 6, Paragraph 1, Point a) of the GDPR Regulation.

Reviews
For the purpose of collecting information and impressions related to our services and client satisfaction, the Association of Happy People directly collects your opinion and review of the particular service you use. In order to improve our services, we may collect the following data:
• Name and surname
• Occupation
• Email
• A photograph
The legal basis for processing personal data is our legitimate interest in monitoring client satisfaction for the purpose of improving and adjusting our services, in accordance with Article 6 paragraph 1 point f) of the GDPR Regulation.

We can publish individual reviews on our website, in the newsletter or on social networks, where the name and surname and photo will be visible, that is, only those personal data that you allow us to publish in the specific case.

Contact forms
In order to make it easier for you to use our services or to learn more about them, you can contact us through the available forms on our website. In this case, we will also collect your personal data such as:
• Name and surname
• Mobile number
• Contact phone number
• Email
• Information on the payment method
• Date of birth
• Place and country of birth
• Time of birth (if known)
The legal basis for the processing of personal data is the execution of a contract in which the respondent is a party or to take actions at the request of the party before concluding the contract, in accordance with Article 6, paragraph 1. points b) of the GDPR Regulation.
We may contact you several times by e-mail after receiving your inquiry to ensure that you have received the information you need, that is, that you are satisfied with the answer received.

Purpose, method of processing and storage of personal data
All personal data are used exclusively for the purposes for which they were collected and for which there is a valid legal basis, and will not be made available to third parties in any way, except for purposes prescribed by law.
Upon the end of the purpose for which the data was collected or the expiration of the period for which consent was given or the termination of the contractual relationship or upon the expiration of all legal obligations related to the storage of personal data, we will delete or anonymize the collected personal data.

Automated individual decision-making and sending data outside the EU
We currently do not use automated individual decision-making on the websites we own or in the services we provide.
We do not deliver your personal data outside the European Union, that is, to countries that are considered “third countries” in accordance with the GDPR Regulation.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on your relationships or similarly significantly affects you.

Use of cookies
When you visit our website, we use only those technical cookies that are necessary and essential for the functioning of the site and enable the visitor to move around the website and use its features (eg access to secure areas of the site).
Therefore, we use only those cookies – text files placed on the user’s computer by the Internet server (server), through which the Internet access service provider (ISP) displays the website.

Cookies are created when the browser on the user’s device loads the visited web destination, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends a cookie to the server of the website when the user returns to it.

Your rights regarding personal data
In accordance with the GDPR Regulation, you have the following rights at all times:
• the right to access personal data and receive confirmation that we are processing your personal data, as well as a copy of the personal data we are processing;
• the right to correction if you believe that the personal data we process is incorrect;
• the right to erasure (“the right to be forgotten”) without undue delay, when we process them based on your consent or on the basis of legitimate interest as a legal basis for processing or in some other case provided for by regulation.
• the right to limit processing, provided that the conditions from the GDPR Regulation are met
• the right to withdraw consent with the note that withdrawal of consent does not affect the legality of processing data processed on the basis of consent before it was withdrawn;
• the right to the right to the portability of personal data to another data controller when it is technically feasible;
• the right to submit a complaint regarding the processing of personal data.

If you want to exercise any of the above-mentioned rights, you can contact us using the above-mentioned contact details.
In the event that you use any of the above-mentioned rights disproportionately often and with the obvious intent of abuse, we reserve the right to charge you a reasonable fee for processing the request or reject your request.

The right to object to the Personal Data Protection Agency
If you have a complaint about the way we use your data, we suggest that you first contact us in order to resolve the problem, but you have the right to send it directly to the Agency for the Protection of Personal Data at the e-mail address: azop@azop.hr or by mail at the address:

Agency for the Protection of Personal Data
Selska cesta 136
10000 ZAGREB

We would like to emphasize that we regularly review and, when appropriate, periodically update these Rules. In case we want to process your personal data in a way that we have not previously identified, we will contact you to provide you with information and, if necessary, ask for your consent. We recommend that you regularly visit these Rules so that you can receive up-to-date information about the way in which we process your personal data.

Date of last update of these Rules: October 2023

Security of Online Payments
While conducting payments on our web shop you are using CorvusPay – an advanced system for secure acceptance of credit cards on the Internet.

CorvusPay system ensures complete privacy of your credit card data and personal data from the moment you type them into the CorvusPay payment form. Data required for billing is forwarded encrypted from your web browser to the bank that issued your payment card. Our store never comes into contact with your sensitive payment card data. Similarly, CorvusPay operators cannot access your complete cardholder data. An isolated system core independently transmits and manages sensitive data while at the same time keeping it completely safe.

The form for entering payment data is secured by an SSL transmission cipher of the greatest reliability. All stored data is additionally protected by hi-grade encryption, using hardware devices certified by FIPS 140 2 Level 3 standard. CorvusPay fulfills all of the requirements for safe online payment prescribed by the leading credit card brands, operating in compliance to the PCI DSS Level 1 standard – the highest security standard of the payment card industry. Payments made by cards enroled with the 3-D Secure program are further authenticated by the issuing bank, confirming your identity through the use of a token or a password.

All information collected by Corvus Pay is considered a secret and treated accordingly. The information is used exclusively for the purposes for which they were intended. Your sensitive data is fully secure and it’s privacy is guaranteed by the state of the art safeguard mechanisms. We collect only the data necessary for performing the work in accordance with the demanding prescribed procedures for online payment.

Security controls and operating procedures applied within the CorvusPay infrastructure not only ensure current reliability of CorvusPay but permanently maintain and enhance the security levels of protecting your credit card information by maintaining strict access controls, regular security and in-depth system checks for preventing network vulnerabilities.

Thank you for using CorvusPay!