Privacy Policy

Version: 1.0 — Date: 26 September 2025

This Privacy Policy explains how Govic Company d.o.o. collects, uses and protects your personal data when you visit www.govic-company.hr and/or shop via the Online Shop.

Controller and contact

Govic Company d.o.o.
Drenovski put 41, 51000 Rijeka, Croatia
OIB (PIN): 69848131449
T: +385 (0)51 301 058 (Mon–Fri 9:00–19:00)
E: [email protected] / [email protected]

What data we collect

  • Identification and contact details: name and surname, address, e-mail, phone.

  • Order and delivery data: items, price, selected payment method, delivery address, delivery status.

  • Payment data: transaction result/authorisation (we do not process or store card numbers).

  • User account: username, password hash, order history, settings.

  • Communication: enquiries and correspondence (e-mail, phone).

  • Technical records: IP address, device/browser type, cookies and preferences (see the Cookie Policy).

Sources of data

We obtain data directly from you (order, registration, contact), automatically via cookies/technical logs, and from our partners (e.g., delivery status).

Purposes and legal bases (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)): processing orders, delivery, customer support.

  • Legal obligation (Art. 6(1)(c)): accounting and tax compliance (document retention).

  • Legitimate interest (Art. 6(1)(f)): system security, fraud/abuse prevention, service improvement, defence of legal claims (balanced against your rights).

  • Consent (Art. 6(1)(a)): newsletter/marketing communications, analytics and marketing cookies. You may withdraw consent at any time.

Recipients / categories of recipients

  • Payment system: Monri WSPay: Web Secure Payment Gateway (card payment processing on its secure pages).

  • Delivery: contracted partners (e.g., GLS, DPD Croatia, Box Now, Gebrüder Weiss).

  • IT/hosting & maintenance: website hosting, security and technical service providers.

  • Analytics/advertising (with consent): e.g., Google/Meta, if used.

  • Public authorities: where we are legally obliged to disclose data.

Transfers outside the EEA

We do not transfer data outside the EEA, unless required by a tool/partner located outside the EEA; in that case we apply appropriate safeguards (e.g., Standard Contractual Clauses).

Retention periods

  • Order/delivery data: as long as necessary to perform the contract and for after-sales support.

  • Accounting records: according to applicable statutory retention periods.

  • Newsletter/consents: until unsubscribe/consent withdrawal.

  • Technical logs: for a reasonable period required for security and audit purposes.

Your rights

You have the right to request: access, rectification, erasure, restriction of processing, data portability, to object to processing based on legitimate interests, and to withdraw consent (without affecting the lawfulness of processing prior to withdrawal).
Requests may be sent to [email protected]. You also have the right to lodge a complaint with AZOP – the Croatian Personal Data Protection Agency.

Automated decision-making

We do not make decisions based solely on automated processing that produce legal effects concerning you.

Data security

Card payments are processed by Monri WSPay on its secure pages (TLS/SSL, 3-D Secure). Internally, we apply technical and organisational measures (access controls, encryption where applicable, backups).

Children

The Online Shop is intended for adults. Purchases on behalf of minors may be made only by legal representatives/guardians.

Changes to this Policy

We may update this Policy from time to time. The current version is always available on our website; we will highlight any material changes before they take effect.