Privacy policy

Tersa d.o.o. respects the privacy and protects the personal data of its users, business partners, or other persons with whom it conducts business cooperation, and whose personal data it collects and processes in its daily operations.

The data protection and privacy policy is the fundamental document that describes the purpose and goals of collecting, processing, and managing personal data, as well as ensuring an adequate level of data protection (hereinafter: ‘the Policy’). In order to ensure fair and transparent processing, Tersa d.o.o. provides you with clear information about the processing and protection of personal data it collects and processes, and enables simple oversight and management of personal data and consents.

The Policy has been formed in accordance with applicable regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR and the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18).

DATA WE COLLECT

During a visit to our online store

You can visit Tersa d.o.o.’s website and store without providing information about yourself. In that case, we will collect technical access data that your browser automatically transmits to our server when browsing our website. Access data includes the following information:

  • time and date of access
  • the address of the web page you accessed and are accessing
  • content of the request (addresses and names of requested files)
  • information about the browser and operating system used (versions, language settings)
  • online identification data (e.g., IP address, device identification, session IDs)
  • error messages, where applicable (if the requested content cannot be displayed)
  • the last visited page from which you were redirected to our site via a link

When you visit our website, your access data will be automatically stored in the log files of our server and subsequently anonymized by shortening or deleting your IP address. After this process, it will no longer be possible to draw conclusions about your identity based on the server’s log files.

We will also collect data that you directly provide by using the available features. For example, we will learn which products interest you when you use the search function.

Consents for the use of email/contact number

The data we collect when using the webshop are your personal data (first and last name, residential address), email address, and phone number. By entering your data, you agree that we may use your data to send emails in the form of newsletters or for other communication and promotional purposes.

Cookie Policy (‘cookies’)

The Tersa d.o.o. online store uses cookies in order to improve your user experience. A cookie is a standardized text file that your web browser stores on your computer for a period of time determined by the cookie provider. Cookies enable the local storage of information such as language settings, shopping cart content, and temporary identification features that can be recalled during subsequent visits to the website in order to restore the appropriate settings selected by the user during a previous visit. This information can only be stored if you, as the user, allow it. The website and store cannot access information without your permission and cannot access other files on your computer.

During your first visit to our website and online store, you will independently choose the level of cookies you wish to have stored on your computer, thereby fully managing the cookie usage process.

You can review and delete cookies used in the security settings of your browser. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or any cookies at all.

When placing an order in the online store

We will collect data about the products you order, as well as data directly collected in connection with the fulfillment of your orders. The data for order fulfillment are as follows:

  • information about ordered products, such as item numbers and size
  • first and last name
  • delivery address for goods
  • email address
  • mobile phone number for delivery contact purposes
  • payment information
  • data on returns and complaints (e.g., reasons for return, notifications of defects)
  • order numbers
  • shipment tracking numbers
  • company name and contact person, company address, and tax ID number (if you have requested an R1 invoice)

Even if you place several orders as a guest and use identical core data, our systems will keep your data in a single user data record in order to facilitate the maintenance of our customer database.

When you contact us

We will collect the communication data you fill in when you contact us via the contact form on our website, by email, telephone, or in another way. Depending on the channel you use, this may include, for example, contact information (such as an email address or phone number) and the content of your message.

We will also use the offerings provided by social networks such as Facebook and Instagram to interact with our customers. Please note that Tersa d.o.o. has no influence on the terms of service of social networks or their data processing policies. Therefore, be sure to check the personal data you provide to us via social networks.

WAYS IN WHICH WE USE THE COLLECTED DATA

Visiting the Tersa d.o.o. online store

When visiting and browsing the Tersa d.o.o. website and store, we will process access data, server log files, and cookies collected in this context in order to make our website, its content, and the functionalities you use available to you, and to ensure the stability and security of our IT system and databases.

The legal basis for the lawfulness of data processing when visiting the Tersa d.o.o. website and store is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, point f – processing necessary for the purposes of legitimate interests – technical accessibility of the website.

Ordering products and performance of the sales contract

We process your data in order to perform the contracts we have concluded with you and to provide you with the services and products you have requested. The purpose of the processing is primarily based on the specific contents of the contract. Additional details about the purpose of data processing can be found in the General Terms and Conditions of Use of the Tersa d.o.o. online store.

The legal basis for the lawfulness of data processing when processing an order and performing a sales contract is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, point b – processing necessary for the conclusion and performance of a contract.

Payment methods and processing

Payment methods: On tersa.hr, payment is enabled via bank transfer and payment cards (Mastercard, Maestro, Visa).

Depending on the selected payment method (credit or debit card), the data required for payment will be forwarded to our contractual partner CorvusPay, which carries out the charge. The payment service provider collects data within its own card payment application, in which case the provider’s own privacy notices apply. Tersa d.o.o. does not have access to the data required for payment, nor does it store it.

The transfer of your data to external payment service providers is based on Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, point b – processing necessary for the conclusion and performance of a contract.

Internal market research, optimization, and improvement of the offer

We will use the data you enter (e.g., data on ordered products, returns) for internal statistical purposes and for market research purposes. Before use, we will anonymize the data by removing all personal data, e.g., by replacing your name and other identifying data with random data.

In this way we can measure which pages of our online store and which products are popular, which devices our users generally use, and from which regions our website is accessed. The collected data helps us to continuously optimize our existing offer and develop new functionalities and services.

The legal basis for the lawfulness of processing this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, point f – processing necessary for the purposes of legitimate interests – improving website functionality and quality of the offer.

CASES IN WHICH WE WILL SHARE PERSONAL DATA

In principle, we will share your data only if:

  • you have explicitly consented to this in accordance with Article 6, paragraph 1, point a, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR
  • sharing is necessary under Article 6, paragraph 1, point f in order to establish, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in your data not being shared
  • sharing is necessary for compliance with a legal obligation under Article 6, paragraph 1, points c or e, General Data Protection Regulation GDPR, in particular if we are required to provide information to a public authority
  • sharing is permitted by law and necessary under Article 6, paragraph 1, point b, General Data Protection Regulation, GDPR for the performance of a contract with you or for taking steps at your request prior to entering into a contract.

Some of the processing activities described here may be carried out by external service providers acting on our behalf. Service providers referred to in this document may include data centers that store and maintain our websites and databases, IT service providers that maintain our business systems, as well as consulting firms.

If and to the extent that we share data with our service providers, such data may only be used for the purpose of performing their services. The processing of your data by contractual service providers will take place within the framework of processing and fulfilling your order in accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR. Contractual service providers are carefully selected business partners. They are contractually bound by our instructions, implement appropriate technical and organizational measures to protect the rights of data subjects, and are subject to regular audits conducted by us.

HOW LONG YOUR DATA WILL BE STORED

Unless otherwise stated herein, your data will be stored only for as long as is necessary to fulfill our contractual or legal obligations or the purpose for which the data was originally collected, or for as long as we have a legitimate interest in storing such data.

In all other cases, your personal data will be deleted, except for data that we must retain in accordance with legal retention periods. However, in such cases we will restrict the processing of the data, i.e., your data will only be used in accordance with legal obligations.

Typically, your orders and payment data, and other data where applicable, are subject to legal retention obligations, and therefore we are obliged to retain such data for up to ten years.

Even if data is not subject to legal retention obligations, we may refrain from deleting your data in cases permitted by law and instead restrict its processing. This may apply in particular in cases where such data may be required for further processing of the contract or for exercising rights or for the purpose of legal defense. The duration of the restriction on processing will depend on the statutory limitation periods.

RIGHT TO WITHDRAW CONSENT AND RIGHT TO OBJECT

If you wish to exercise your right of withdrawal or objection below, please send a notice to the contact details tersa@tersa.hr.

Withdrawal of consent

Article 7, paragraph 3 of the General Data Protection Regulation GDPR (EU) 2016/679 gives you the right to withdraw any consent you have previously given. This means that we will no longer continue, in the future, processing data that was based on your consent. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

Objection to the processing of your data

If we process your data on the basis of legitimate interests pursuant to Article 6, paragraph 1, point f of the General Data Protection Regulation GDPR (EU) 2016/679, you have the right under Article 21 to object to the manner of processing of your data if there are reasons arising from the specific nature of your situation, or if the objection is directed against direct advertising.

DATA SECURITY

We use all appropriate technical measures to ensure data security, in particular to protect your data from risks during data transmission, as well as from unauthorized access by third parties.