Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016; hereinafter: the General Data Protection Regulation – GDPR), which has been fully applicable since 25 May 2018 in the Republic of Croatia and all Member States of the European Union, as well as pursuant to the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18), the company Hilding Anders d.o.o., with its registered office in the Republic of Croatia (hereinafter: Hespo), as the controller of personal data, adopts this Privacy Policy.
This Privacy Policy explains how Hespo collects, uses, processes, and protects the personal data of users and customers who use the website and webshop available at the domain hespo.hr.
This Privacy Policy applies to all services offered by Hespo and aims to inform visitors, customers, and business partners (hereinafter: data subjects) in a clear, transparent, and understandable manner about the methods of processing personal data and their rights.
Hespo is committed to protecting and respecting your privacy. Please read this Privacy Policy carefully to understand what data we collect, why we collect it, and how we use it.
The controller of personal data within the meaning of the GDPR is:
Merchant name: Hilding Anders d.o.o.
Registered office: Industrijska zona 11, 40323 Prelog, Republic of Croatia
Telephone: +385 40 650 000
E-mail: webshop@hespo.hr
VAT ID / Tax number: HR98594743140
For all questions related to the protection of personal data, you may contact us using the above contact details.
We collect your personal data when necessary to fulfill your requests, perform a contract, provide our services, or comply with legal obligations, in particular in the following situations:
when purchasing products via the webshop, when we collect data such as first and last name, delivery address, postal code, city, country, telephone number, and e-mail address; in this case, processing is necessary for the performance of a contract and for taking steps at your request prior to entering into a contract
when registering a user account
when subscribing to a newsletter or other promotional communications, where data is processed exclusively on the basis of your consent
when contacting us via contact forms, e-mail, or telephone
when exercising the right to unilateral contract termination, submitting complaints, or requesting returns
when participating in prize games or promotional activities, about which you will be additionally informed in the rules of the specific activity
when completing customer satisfaction surveys
when submitting an open job application
automatically, when accessing the website, when technical data such as IP address, date and time of access, browser type, operating system, and language settings are collected
We process personal data on the basis of:
performance of a contract or taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR)
compliance with legal obligations (Article 6(1)(c) GDPR)
consent of the data subject (Article 6(1)(a) GDPR)
legitimate interest of the controller, for example for website security or necessary technical cookies (Article 6(1)(f) GDPR)
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
When purchasing products and selecting a payment method, certain data may be transferred to contractual payment service providers (banks, card companies, or other payment service providers), who in such cases may act as independent controllers or processors.
Hespo does not store credit or debit card data.
If you have given your consent, Hespo may process your e-mail address for the purpose of sending newsletters and promotional communications. You may withdraw your consent at any time via the unsubscribe link in the newsletter itself or by contacting Hespo.
The newsletter may contain statistical tools (e.g. a tracking pixel) that enable analysis of campaign performance exclusively in aggregated form.
Hespo uses cookies to ensure the proper functioning of the website, improve the user experience, and, with your consent, carry out analytics and advertising activities.
Detailed information about the types of cookies, their purpose, and duration is available in the Cookie Policy.
Your personal data may be shared with trusted partners exclusively for the purposes described in this Privacy Policy, including:
delivery service providers
IT and hosting service providers
payment service providers
analytics and marketing partners (with your consent)
All recipients are bound by data processing agreements and are required to ensure an appropriate level of protection.
By using tools such as Google Analytics (GA4), Google Ads, and Meta (Facebook), data may be transferred outside the European Union, including to the United States.
Such transfers are carried out with appropriate safeguards, including Standard Contractual Clauses (SCCs) and other mechanisms permitted by the GDPR.
In accordance with the GDPR, you have the right to:
request access to your personal data
request correction of inaccurate or incomplete data
request erasure of personal data, where applicable
request restriction of processing
object to processing based on legitimate interest
request data portability
withdraw consent at any time
To exercise your rights, you may contact us using the contact details provided above.
If you believe that your rights related to the protection of personal data have been violated, you have the right to lodge a complaint with the supervisory authority:
Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, 10000 Zagreb
www.azop.hr
Personal data is stored in a secure environment with the application of appropriate technical and organizational security measures. Data is retained only for as long as necessary to achieve the purpose of processing or for the periods prescribed by law.
In the event of judicial, administrative, or out-of-court proceedings, personal data may be retained until the final conclusion of the proceedings.
Hespo reserves the right to amend and supplement this Privacy Policy. All changes will be published on the website and shall enter into force on the date of publication.
