Privacy policy

Privacy Policy

Last updated: February 1, 2026

Eden Atelier Shop operates this online store and website, including all related information, content, functionality, tools, products, and services (hereinafter: “Services”) in order to provide you with a safe and high-quality shopping experience. Eden Atelier Shop uses the Shopify platform, which enables the technical provision of the Services.

This Privacy Policy describes how we collect, use, and share your personal data when you visit our online store, use the Services, make a purchase, or communicate with us.

In the event of any conflict between the Terms of Service and this Privacy Policy, this Privacy Policy shall prevail with respect to personal data processing.

By using the Services, you confirm that you are familiar with this Privacy Policy and understand how personal data is processed as described below.

1. Data Controller

EDEN ATELIER, beauty services craft
Owner: Aleksandra Ožeg
Trg Matije Gupca 1/A, 42207 Vinica, Croatia
E-mail: info@edenateliershop.eu

Within the meaning of Regulation (EU) 2016/679 (GDPR), Eden Atelier Shop acts as the controller of personal data.

2. What Is Considered Personal Data

Personal data refers to any information relating to an identified or identifiable natural person. This does not include anonymized or permanently de-identified data.

3. What Personal Data We Collect

Depending on your interaction with the Services, we may collect the following categories of personal data:

  • Contact information: first and last name, address, billing and shipping address, phone number, email address
  • Payment information: payment method, payment confirmation, and transaction details
    (note: we do not store full card details)
  • Account information: username, settings, and preferences (if an account exists)
  • Order information: products you view, add to cart, purchase, return, or exchange
  • Communication: content of your communications with us (e.g., email inquiries)
  • Technical data: IP address, device, browser, and network information
  • Usage data: how and when you use the website and Services

4. Sources of Personal Data

We collect personal data:

  • directly from you (purchases, contact, communication)
  • automatically via the website (cookies and similar technologies)
  • through service providers (e.g., Shopify, payment processors, delivery services)
  • from business partners where permitted by law

5. Purposes of Data Processing

We use your personal data solely for legitimate purposes, including:

a) Providing and improving Services

  • order and payment processing
  • product delivery
  • account management
  • returns, exchanges, and complaints
  • personalization of user experience

b) Communication

  • responding to inquiries
  • customer support
  • order-related notifications

c) Security and fraud prevention

  • system and user protection

d) Legal obligations

  • accounting and tax compliance
  • responding to lawful requests from authorities

e) Marketing (with consent only)

  • sending promotional communications only with your explicit consent, which may be withdrawn at any time

6. Legal Basis for Processing

Personal data is processed based on:

  • performance of a contract (product purchases)
  • legal obligations
  • legitimate interests (security and system operation)
  • user consent (e.g., newsletters)

7. Sharing Personal Data

We share personal data only when necessary:

  • with Shopify
  • with payment providers (Shop Pay, Apple Pay, Google Pay, card processors)
  • with delivery services
  • with IT and hosting partners

All recipients are obligated to comply with GDPR.

8. Transfers Outside the EU

Shopify and related services may process data outside the European Union. In such cases, standard contractual clauses or other GDPR-approved safeguards are used.

9. Cookies

We use essential technical cookies required for website functionality and order processing.
Analytics and marketing cookies are used only with your consent via the cookie banner.

10. Data Retention and Security

Personal data is retained only as long as necessary for processing purposes or as required by law.
We apply appropriate technical and organizational security measures; however, no system can guarantee absolute security.

11. User Rights (GDPR)

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion (“right to be forgotten”)
  • restrict processing
  • data portability
  • object to processing withdraw consent at any time

To exercise your rights, contact us at:
📧 info@edenateliershop.eu

You also have the right to lodge a complaint with the Croatian Data Protection Authority (AZOP).

12. Children

Our Services are not intended for children. We do not knowingly collect personal data from minors.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy. Any changes will be published on this page with an updated effective date.

14. Contact

If you have questions regarding privacy or wish to exercise your rights, contact us:

info@edenateliershop.eu
EDEN ATELIER, beauty services craft
Trg Matije Gupca 1/A, 42207 Vinica, Croatia