Privacy Statement (GDPR)

Privacy Policy

Varžak M
Vrbovo Posavsko 54, 10411 Orle
Zagreb County, Croatia
Tel: +385 1 3535889
E-mail: info@varzakmed.hr
Web: www.varzakmed.hr
OIB: available on request

Introduction

Varžak M – obrt (hereinafter: “Varžak M”) is committed to protecting the privacy and security of the personal data of its users, customers and website visitors. This Privacy Policy explains what personal data we collect, how we process it, for what purposes we use it, and what rights data subjects have. The Policy has been drafted in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the applicable laws of the Republic of Croatia.

Data Controller and Data Protection Officer

Data Controller: Varžak M
Data Protection Officer: Renata Varžak
Contact: info@varzakmed.hr

How we collect personal data

We collect personal data only to the extent necessary for lawful and clearly defined purposes, through:

  • our online store (orders, user account registrations),
  • contact forms and direct e-mail communication,
  • telephone communication,
  • social media interactions,
  • newsletter subscriptions and marketing activities.

Types of personal data we process

  • basic identification and contact details (name, address, phone, e-mail),
  • data necessary for concluding and performing contracts (orders, invoicing and delivery details),
  • data necessary for payment processing,
  • data related to customer communication (written and electronic correspondence, inquiries),
  • data for marketing purposes (newsletter subscriptions, preference records),
  • technical data collected through the use of our website (IP address, cookies, browser data, etc.).

Purposes of processing

Personal data is processed solely for legitimate purposes, in particular for:

  • order processing and contract performance,
  • product delivery and customer communication,
  • compliance with legal obligations (accounting, tax and others),
  • marketing, promotions and customer information (newsletters, special offers),
  • improving user experience and website security,
  • protecting our legal interests and complying with judicial and administrative decisions.

Legal bases for processing

  • the data subject’s consent for one or more specific purposes,
  • the necessity of processing for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract,
  • compliance with legal obligations applicable to Varžak M,
  • legitimate interests pursued by Varžak M, provided that the rights of data subjects are respected.

Sharing personal data

Data is shared only when necessary and lawful, with:

  • delivery service providers for order fulfillment,
  • accounting services for compliance with legal obligations,
  • marketing partners for newsletters and advertising,
  • competent public authorities when required by law.

Varžak M remains responsible for the protection of personal data and ensures that all contractual partners comply with GDPR and implement appropriate technical and organizational measures.

Data transfers to third countries

In the event of transfers of personal data to third countries or international organizations, Varžak M will ensure the application of safeguards as required by GDPR (e.g. Standard Contractual Clauses, adequacy decisions, or other appropriate safeguards).

Data retention

Personal data is stored only as long as necessary to fulfill the purposes for which it was collected, or for as long as required by applicable laws (particularly accounting and tax regulations). Data collected on the basis of consent is retained until such consent is withdrawn.

Data subject rights

Data subjects have the right to request:

  • access to their personal data and information on processing,
  • correction or completion of inaccurate data,
  • erasure of personal data (“right to be forgotten”) when conditions are met,
  • restriction of processing in specific cases,
  • data portability,
  • objection to the processing of data, including processing for direct marketing purposes,
  • withdrawal of consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise these rights, you may contact us at: info@varzakmed.hr. If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority: Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, azop.hr.

Data security

We apply appropriate technical and organizational measures to prevent unauthorized access, loss, disclosure or misuse of personal data. Data may be stored in physical and/or electronic form, within our systems or those of contractual partners acting under our instructions.

Changes to this Privacy Policy

Varžak M reserves the right to amend this Privacy Policy in line with changes in legal requirements or in our data processing practices. The updated version will be published on www.varzakmed.hr and will apply from the date of publication.

This Privacy Policy was last updated on September 26, 2025.