Privacy Policy
Desaign, service and trade craft
Updated: 01.02.2026.
1. Introduction and Scope
This Privacy Policy explains how Desaign, service and trade craft, owner Filip Đurkan (hereinafter: "we", "us" or "Craft"), based at Ulica Matije Gupca 42 A, 49210 Zabok, OIB: 51564342539, collects, uses, shares and protects user personal data when using our services. We are dedicated to protecting your privacy and personal data. This Policy is drafted in accordance with Regulation (EU) 2016/679 (GDPR) and the Act on the Implementation of the General Data Protection Regulation.
2. Data Controller and Contact
The data controller for your personal data is:
Desaign, service and trade craft, owner Filip Đurkan
Ulica Matije Gupca 42 A, 49210 Zabok
If you have any questions about this Policy or how we process your data, you can contact us via email at: info@desaign.store
3. What Data We Collect
We collect only data necessary to provide our services, process orders, and fulfill legal obligations. Categories of personal data we process:
- Account and registration data: When registering or ordering, we collect your email address and password (if registering via email) or login data via third parties (Google), such as name, surname, and email address.
- Order and payment data: Information about purchased products, amount, and currency. Payment is processed via our partner Stripe. We do not store nor have access to your credit card numbers; this data is processed exclusively by Stripe securely.
- Delivery data: Name and surname of the recipient, delivery address, country, and contact phone. These data are necessary to organize print and delivery of your products via partner Gelato.
- Communication: Content of emails you send us (inquiries, support, complaints).
- Technical data: IP address, device type, and basic server logs necessary for website security and functioning.
What we DO NOT collect:
We currently do not use marketing analytics tools (like Google Analytics) nor do we send marketing newsletters, therefore we do not collect or process data for these purposes.
4. Processing Purposes and Legal Bases
We process your data based on the following legal bases (according to Article 6 of GDPR):
5. Data Recipients (Sharing with Third Parties)
We share your personal data exclusively with trusted partners who help us provide services ("processors"):
- 1. Stripe: For secure online payment processing.
- 2. Gelato: For print-on-demand services and delivery organization. We forward order data and delivery address to Gelato.
- 3. Delivery services: Partners engaged by Gelato (e.g., local post, courier services) for physical delivery of packages to your address.
- 4. Hosting and IT services: Providers of technical infrastructure enabling our website and email operation (e.g., Google for email services and authentication).
- 5. Competent authorities: Tax administration and other state bodies, exclusively when required by law.
All our partners are bound by confidentiality and data protection agreements.
6. Data Transfer Outside EU
Our partners Stripe and Gelato are global companies. This means your data (like delivery address or transaction data) may be transferred to the USA or other countries outside the European Economic Area (EEA) for service execution. Such transfers are protected by appropriate safeguards, primarily Standard Contractual Clauses (SCC) approved by the European Commission, guaranteeing a high level of data protection.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. We use secure protocols (SSL/TLS) for data transmission, and access to data is restricted to authorized persons who need the data to perform their job.
8. Data Retention Periods
We keep data for as long as necessary for the purpose for which it was collected:
- 📅 Invoices and financial documentation: Kept for 11 years (in accordance with Croatian tax regulations).
- 👤 User account: Kept while active, or until you request account deletion.
- 💬 Inquiries and communication: Until the inquiry is resolved or max 2 years from last communication, for potential complaints or proof needs.
After retention periods expire, data is permanently deleted or anonymized.
9. Automated Decision Making and Profiling
We do not conduct automated decision making or profiling that would have legal or similarly significant effects on you.
10. Your Rights
As a data subject, you have the following rights:
- Right to access: You have the right to obtain confirmation whether we process your data and a copy of that data.
- Right to rectification: You have the right to request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): You have the right to request deletion of data if it is no longer necessary, unless we are legally obliged to keep it (e.g., issued invoices).
- Right to restriction of processing: In certain situations, you can request that we temporarily restrict the processing of your data.
- Right to objection: You have the right to object to processing based on legitimate interest.
- Right to portability: You have the right to receive your data in a structured format.
To exercise your rights, contact us at email: info@desaign.store. We will respond to your request within the statutory period of 30 days.
Also, you have the right to lodge a complaint with the supervisory authority – Personal Data Protection Agency (AZOP) in Croatia (www.azop.hr), if you consider your rights have been violated.
11. Cookies
Our website uses exclusively necessary (technical) cookies required for the correct technical operation of the site (e.g., maintaining login, cart functionality, security). Since we do not use analytical or marketing cookies, your consent is not required for these necessary cookies; they are set automatically to allow the site to function.
12. Policy Changes
We reserve the right to change this Privacy Policy at any time. Any change will be published on this page with an updated effective date.