Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, store, and protect your personal data in compliance with GDPR and Croatian law.
Last updated: February 2026
1. Introduction
ANNE STUDIO obrt za usluge i trgovinu ('we', 'us', 'our') is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and safeguard your personal data when you visit our website annebeauty.shop or make a purchase. This policy is in accordance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679) and the Croatian Act on Implementation of the General Data Protection Regulation (OG 42/18).
2. Data Controller
The data controller responsible for your personal data is:
ANNE STUDIO obrt za usluge i trgovinu
Ulica Dr. Ante Starčevića 63g, 40000 Pribislavec, Čakovec, Croatia
OIB: 70908718198
Email: info@annebeauty.shop
3. Personal Data We Collect
We collect the following categories of personal data when you interact with us:
- Identity data: first name, last name, username, title
- Contact data: email address, phone number, delivery address, billing address
- Transaction data: purchase history, order details, payment records (card details are processed by Stripe and never stored by us)
- Account data: login credentials, account preferences, wishlist items
- Technical data: IP address, browser type and version, device type, operating system, time zone
- Usage data: pages visited, products viewed, search queries, click patterns, session duration
- Marketing data: preferences for receiving newsletters, promotional emails, and communication history
4. Legal Basis for Processing
Under GDPR Article 6, we process your personal data based on the following legal grounds:
- Contract performance (Art. 6(1)(b)): Processing necessary to fulfill your orders, deliver products, process payments, and manage your account
- Consent (Art. 6(1)(a)): For marketing communications, newsletters, and non-essential cookies. You may withdraw consent at any time
- Legitimate interests (Art. 6(1)(f)): To improve our services, prevent fraud, analyze website performance, and protect our legal rights
- Legal obligation (Art. 6(1)(c)): To comply with tax laws, accounting requirements, and legal proceedings
5. How We Use Your Data
We use your personal data for the following specific purposes:
- Process and fulfill your orders, including payment processing and shipping
- Create and manage your customer account
- Send transactional emails: order confirmations, shipping updates, delivery notifications
- Respond to your inquiries, complaints, and customer service requests
- Send newsletters and promotional communications (only with your explicit consent)
- Personalize your shopping experience and product recommendations
- Analyze website traffic and user behavior to improve our services
- Detect and prevent fraud, security threats, and unauthorized access
- Comply with legal obligations, including tax reporting and record-keeping
6. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience. Essential cookies are necessary for website functionality. Analytics cookies (e.g., Google Analytics) help us understand site usage. Marketing cookies are used only with your consent. You can manage cookie preferences through our Cookie Settings or your browser settings. For details, see our Cookie Policy.
7. Data Sharing and Recipients
We share your personal data only with trusted third parties who process data on our behalf:
- Shipping carriers (HP Hrvatska pošta, GLS, DHL, DPD): To deliver your orders - we share name, address, phone number
- Payment processor (Stripe): To securely process card payments - Stripe is PCI-DSS compliant
- Hosting provider (Cloudflare, Vercel): For website hosting and security
- Email service (Resend): For transactional and marketing emails
- Analytics (Google Analytics): For anonymized website usage statistics
- Legal authorities: When required by Croatian law or valid legal process
8. Data Retention
We retain your personal data only for as long as necessary:
- Order and invoice data: 10 years (as required by Croatian tax law - Opći porezni zakon)
- Account data: Until you delete your account or request erasure
- Marketing data: Until you withdraw consent or unsubscribe
- Technical/analytics data: 26 months maximum
- Cookie data: According to cookie type (see Cookie Policy)
9. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of all personal data we hold about you
- Right to rectification (Art. 16): Correct any inaccurate or incomplete personal data
- Right to erasure (Art. 17): Request deletion of your personal data ('right to be forgotten')
- Right to restriction (Art. 18): Request temporary restriction of data processing
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Right to withdraw consent (Art. 7): Withdraw consent at any time without affecting previous processing
- Right not to be subject to automated decisions (Art. 22): We do not make automated decisions about you
To exercise any of these rights, contact us at info@annebeauty.shop. We will respond within 30 days. We may request verification of your identity before processing your request.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. These include SSL/TLS encryption for all data transmission, secure password hashing, access controls limiting data access to authorized personnel, regular security audits, and PCI-DSS compliant payment processing through Stripe. While we strive to protect your data, no internet transmission is 100% secure.
11. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure adequate protection through: Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions by the European Commission, or service providers certified under recognized frameworks. By using our services, you acknowledge these transfers.
12. Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at info@annebeauty.shop and we will delete it.
13. Third-Party Links
Our website may contain links to third-party websites (e.g., brand websites, social media). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated 'Last updated' date. Material changes may be communicated via email if you have an account. Your continued use of our website after changes constitutes acceptance of the updated policy.
15. Complaints and Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka - AZOP). Website: azop.hr | Address: Selska cesta 136, 10000 Zagreb, Croatia | Email: azop@azop.hr
16. Contact Us
For questions about this Privacy Policy or to exercise your data protection rights, contact us: Email: info@annebeauty.shop | Address: ANNE STUDIO obrt za usluge i trgovinu, Ulica Dr. Ante Starčevića 63g, Pribislavec, 40000 Čakovec, Croatia | OIB: 70908718198