INTRODUCTORY PROVISIONS
Obrt Sara Tattva, Stanka Vraza 32, 10290 Zaprešić, Croatia, registered in the Republic of Croatia under the Company Registration Number MBO: 98661086, VAT Identification Number OIB: 68975173794, email: sara@saratattva.hr (hereinafter referred to as “Sara Tattva,” “we,” “us,” “our,” etc.) is the owner of the website (www.) saratattva.hr (“the website”).
Sara Tattva, as the data controller, is committed to protecting the privacy of our users. These privacy policies explain how Sara Tattva processes your personal data. Sara Tattva is dedicated to safeguarding your personal data and processing it in accordance with the General Data Protection Regulation and the Implementation Act of the General Data Protection Regulation.
Please carefully read these policies to understand why and how we collect your personal data and how it will be used. In case of any questions or complaints related to these Privacy Policies or the handling of personal data, you can contact us via email or mail at the addresses provided above.
By using this website, you accept these Privacy Policies.
DATA COLLECTION
Personal data is any information relating to an individual whose identity is known or can be determined. An individual whose identity can be determined is a person who can be identified directly or indirectly, especially with the help of identifiers such as name, identification number, location data, network identifier, or with the help of one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
We collect your personal data only when you voluntarily provide us with such information, in accordance with the provisions of these Policies.
Certain information and data that are not personal data may be automatically collected through our internet servers or through the use of “cookies.” Examples of website usage information include: the most visited and viewed pages and links on our website, the number of completed forms, time spent on the page, the most popular keywords leading users to our site, your IP address, information collected through cookies, and data about your device such as hardware settings, system activities, types of browsers, etc.
LEGAL BASIS FOR DATA PROCESSING
We process users’ personal data when regulations require certain actions, when processing is necessary for the performance of a contract or actions prior to entering into a contract, or based on our legitimate interests, except when these interests are overridden by the interests or fundamental rights and freedoms of individuals requiring the protection of personal data. If we cannot process personal data based on the aforementioned legal bases, we will seek your consent.
a) Registration
Sara Tattva allows users to register on the website. For this purpose, the user enters their name, surname, email address, and a chosen password. Based on the registration, the user can browse the offerings, create a wishlist, compare products, order products more quickly and easily, and access special offers or immediately add products to the cart and make purchases.
During the registration process, a user account is created for one individual only, and it is not allowed to disclose registration or account information to third parties. The user is obligated to safeguard the security password and account information and is responsible for all unauthorized activities authorized and performed under their username and/or password.
The legal basis for processing data for user registration on the website is the contractual obligation that arises from the user’s registration on the website and acceptance of the Terms and Conditions. If a registered user wishes to delete their profile, they can submit a request to sara@saratattva.hr.
b) Newsletter
If you wish to receive newsletters about our offers and new content on the website, you can subscribe using the form by providing your email address, with the optional input of your name and surname for the purpose of message personalization. An email confirmation of your newsletter subscription will be sent to the email address registered by the user before the first newsletter is sent, as part of the double authentication process. This confirmation is used to verify whether the email owner, as the respondent, agrees to receive the newsletter. Personal data collected for newsletter subscriptions will be used exclusively for sending our newsletter.
To manage subscriptions and deliver newsletters, we use the Hubspot platform. The Hubspot system records newsletter openings and clicks on links to provide statistical data on which content was interesting to newsletter recipients.
At any time, you can opt-out of receiving newsletters by choosing the provided consent withdrawal option in the received newsletter or by contacting sara@saratattva.hr. Withdrawal of consent does not affect the lawfulness of processing until the moment of withdrawal. Newsletter subscription is voluntary, and users do not incur any negative consequences if they do not give or withdraw consent.
In case of consent withdrawal, you will no longer receive our newsletter, and the email addresses that have been unsubscribed will remain on our unsubscribe list for the purpose of proving compliance with legal obligations.
c) Remote Purchase
For the purpose of making purchases through the website, the user provides personal information: name, surname, address, email address, phone/mobile number, for the execution of the contract and the provision of pre-contractual information in accordance with regulations.
When making a purchase through the website, the user confirms acceptance of the General Terms and Conditions and Privacy Policy available on the website. The user can provide their data to fulfill the contract through the website either by using a registered profile or as a guest.
User’s personal data provided during the purchase process are processed for the purpose of fulfilling the contract, including the prior verification of conditions for contract formation, as well as for processing payment transactions and delivering products. Personal data will also be processed to prevent potential misuse and fraudulent activities, based on legitimate interests and in accordance with regulations.
The user is obligated to provide accurate, valid, and complete personal data. In case of a breach of this obligation, Sara Tattva has the right to deny access or withhold the fulfillment of all or part of the services or products offered. The processing of personal data for the purpose of contract execution is a condition for providing the service and cannot be limited or revoked in this regard. If the buyer refuses to provide their personal data, they will not be able to enter into a contract or make a purchase.
Sara Tattva will not disclose or transmit user’s personal data, except for the purpose of fulfilling the purchase contract (involving financial institutions for payment processing, suppliers of purchased products for billing, delivery, and shipment of ordered products, and individuals authorized to maintain IT systems for transaction processing). Personal data will also be provided to competent authorities in accordance with regulations. Personal data is stored for the legally prescribed periods.
If the buyer, who is a natural person, makes a purchase via a bank transfer/general payment slip, we process the buyer’s IBAN data for accounting purposes and transaction tracking.
Sara Tattva does not process or have access to user’s credit card information and security codes as the processing of card transactions is handled by the payment processor Corvus info d.o.o. in accordance with the General Terms.
Also, for the implementation of online purchases, certain cookies are necessary for placing products in the cart and the functionality of the online store, and they are stored on the buyer’s device in accordance with regulations.
PURPOSE OF DATA PROCESSING
We process your personal data when necessary for marketing purposes, to improve our business and your user experience (e.g., when you purchase or order products and/or services from us, when you contact our customer service, when you subscribe to our newsletter, when you complete a survey about our products and services, etc.).
We process user’s personal data for one of the following purposes:
- Personalizing the user experience – the collected information helps us better respond to individual user needs;
- Improving the website – we continually strive to improve the website offerings based on feedback received from users;
- Establishing the primary communication channel with users;
- Sending newsletters;
- For the conclusion and fulfillment of rights and obligations arising from the sales contract.
RECIPIENTS OF PERSONAL DATA
On our website, we do not offer or provide services or products from third parties.
We may share user’s personal data with our trusted partners who maintain our IT system or provide services on behalf of Sara Tattva. For example, for marketing purposes, finance, advertising, payment processing, delivery, and other services. These service providers are obligated, in accordance with regulations and contractual obligations, to use the transferred data strictly for a specified purpose. We also require our partners to adequately protect the transferred data and treat it as a business secret.
In some cases, our partners providing services on behalf of or for Sara Tattva may process your data outside the European Union. However, the contracts we enter into with such entities bind them to handle your data with special security measures in accordance with regulations applicable in the European Union.
DATA PROTECTION
To safeguard the collected personal data, we employ physical, technical, and organizational security measures. We continually upgrade and test our security technology. We restrict access to user’s personal data only to those employees who need to know that information to provide you with some benefits or services. Additionally, we educate our employees about the importance of data confidentiality and the preservation of privacy and data protection.
STORAGE OF PERSONAL DATA
All data is stored in databases and repositories in the Republic of Croatia. We will not transfer or store data in countries outside the European Union, except for data collected by the Hubspot system for sending newsletters based on standard contractual clauses for the transfer of personal data.
The personal data we collect about you is kept in a secure environment. Your personal data is protected from unauthorized access, disclosure, use, alteration, or destruction by any organization or individual.
The collected data for the purposes mentioned above will be stored only for as long as necessary for the specified purposes. Your personal data will not be kept in a form that allows you to be identified for longer than Sara Tattva reasonably believes is necessary to achieve the purpose for which they were collected or processed. Sara Tattva will retain certain personal data for the period prescribed by law or regulations that require Sara Tattva to retain data.
If you have given us consent, we will process your personal data until the withdrawal of consent. If you raise a legitimate objection to the processing of personal data based on legitimate interest, we will not process your personal data in the future.
If legal, administrative, or other proceedings are initiated, personal data may be stored until the end of such proceedings, including any possible period for filing legal remedies.
COOKIES
We will retain and analyze information about your recent visit to our website and how you used various parts of our website for analytical purposes, i.e., to understand how users utilize our website.
To maintain your website and ensure its functionality meets expectations, Sara Tattva uses technology known as “cookies.” Cookies are small files that we send to your computer and can later access. They can be temporary or permanent. Thanks to cookies, you can easily browse our pages and view results that are relevant to you. Cookies show us what interests you and other visitors to our website, helping us to improve it.
USER RIGHTS
User rights regarding the protection of personal data, under the conditions specified in these Rules and applicable regulations, include:
- Right of access:
You have the right to obtain confirmation from us as to whether your personal data is being processed and, if so, access to personal data. Information about access includes, among other things, the purposes of processing, the categories of personal data in question, recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an unconditional right, and the interests of other individuals may limit your right of access. You have the right to obtain a copy of the personal data being processed. For further copies you request, we may charge a reasonable fee based on administrative costs.
- Right to rectification:
You have the right to obtain from us the correction of your inaccurate personal data. Considering the purposes of processing, you have the right to complete incomplete personal data, among other things, by providing additional statements.
- Right to erasure (“right to be forgotten”):
You have the right to obtain from us the erasure of your personal data, and we are obliged to delete such personal data.
- Right to restriction of processing:
You have the right to obtain from us the restriction of processing of your personal data. In this case, the relevant data will be marked and may only be processed for specific purposes.
- Right to object:
You have the right to object at any time to the processing of your personal data for reasons related to your particular situation or when personal data is processed for direct marketing purposes, and you may request us to no longer process your personal data.
- Right to data portability:
You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without our hindrance.
If you want to learn more or want to exercise one or more of the above rights, feel free to contact Sara Tattva at the email address sara@saratattva.hr or at the address Stanka Vraza 32, 10290 Zaprešić, Croatia.
NOTIFICATION OF PERSONAL DATA BREACH
If you are not satisfied with how we process your personal data, you can contact the Personal Data Protection Agency.
In the event of a personal data breach, we will notify you and the relevant supervisory authority by email within 72 hours of the extent of the breach, the data involved, the potential impact on our services, and our planned measures to secure the data and limit any harmful effects on individuals.
We will not send you a notification of a breach in the following cases:
- if there are technical and organizational measures of protection, such as encryption, applied to the personal data affected by the breach, making the data incomprehensible to anyone unauthorized to access it;
- if we have taken subsequent measures to ensure that it is no longer likely to lead to a breach of personal data;
- if it would require a disproportionate effort, in which case we will inform you through public means of communication or similarly effective measures.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or processed in connection with the provision of our services.
FINAL PROVISIONS
In the event of changes to our privacy policy, we will notify you on this page and update the privacy policy modification date below as follows.
This privacy policy was last modified on November 30, 2023.