Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Cositas collects, uses, and protects your personal data when you browse this website, place an order, contact us, or otherwise interact with us.

1. Data controller

The data controller is:[Full legal business name] [Address] [OIB / registration number if you want to include it] [Email address] [Phone, if applicable]

2. What personal data we collect

Depending on how you interact with us, we may collect:

  • Name and surname
  • Email address
  • Phone number
  • Billing and delivery address
  • Order details and customisation information
  • Payment-related information (processed through payment providers, where applicable)
  • Messages you send us through forms, email, or social media
  • Technical data such as IP address, browser type, and cookie-related information

3. Why we process your data

We process your personal data for the following purposes:

  • To respond to your inquiries
  • To process and deliver your order
  • To communicate with you about your order or custom request
  • To issue invoices and comply with legal and accounting obligations
  • To manage complaints, returns, or customer support
  • To improve the website and ensure its security and functionality
  • To send marketing communications only where permitted by law or where you have consented

4. Legal bases for processing

We process your data on one or more of the following legal bases:

  • Performance of a contract or steps prior to entering into a contract
  • Compliance with legal obligations
  • Your consent, where required
  • Legitimate interests, such as website security, customer communication, and business administration

5. Who receives your data

Your personal data may be shared only where necessary, for example with:

  • Payment service providers
  • Delivery and shipping providers
  • Website hosting or technical support providers
  • Accounting or tax service providers
  • Public authorities where required by law

6. How long we keep your data

We keep personal data only for as long as necessary for the purpose for which it was collected, unless a longer retention period is required by law.

  • Inquiry messages: [e.g. 12 months]
  • Order-related data: for the duration necessary to complete the order and handle any follow-up
  • Invoices and accounting records: for the period required by applicable law
  • Marketing consent records: until consent is withdrawn or no longer needed

7. Your rights

Under applicable data protection law, you may have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data, where applicable
  • Request restriction of processing
  • Object to certain processing
  • Request data portability, where applicable
  • Withdraw consent at any time, where processing is based on consent

8. Cookies

This website may use cookies necessary for its basic functioning. If analytics, advertising, or other non-essential cookies are used, they will only be activated in accordance with applicable law. More information is available in our Cookies Policy.

9. Complaints

If you believe your data protection rights have been violated, you may contact us first. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP).

10. Contact

For privacy-related questions or to exercise your rights, please contact us at: