Privacy policy
Dada&Rocco d.o.o. • Protection and Processing of Personal Data
Last Updated: May 2026
Dada&Rocco d.o.o. operates this online store and website, www.dadaandrocco.com, including all related information, content, tools, and services, in order to provide you, the customer, with a carefully curated shopping experience ("Services"). Our store runs on the Shopify platform, which enables us to provide these services.
This Privacy Policy describes how we collect, use, and disclose your personal data when you visit our site, make a purchase, or otherwise communicate with us. In the event of any discrepancy between our Terms and Conditions and this Privacy Policy, this Privacy Policy shall prevail regarding the collection, processing, and disclosure of your personal data.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read and understand the collection, use, and sharing of your information as described herein.
1. Personal Data We Collect or Process
Depending on how you use our Services, we may collect or process the following categories of personal data:
-
Contact Information: Your first name, last name, residential address, billing address, delivery address, phone number, and email address.
-
Financial Information: Payment confirmations, selected payment method, and transaction details. Note: Your credit and debit card numbers are processed securely and encrypted directly through the CorvusPay system, and Dada&Rocco does not have access to your full payment card details.
-
Account Information: Your username, password (encrypted), security questions, and account preferences if you choose to register on our web shop.
-
Transaction Data: Items you view, place in the cart, add to the wishlist, purchase, return, exchange, or cancel.
-
Communications with Us: Information you provide when communicating with us (via email, social media, or contact forms).
-
Device and Usage Information: Data about your device, browser, network connection, your IP address, and information about your interaction with our website (time and method of navigation) collected through cookies.
2. Sources of Personal Data
We collect personal data:
-
Directly from You: When you create an account, place an order, subscribe to our newsletter, or send us an inquiry.
-
Automatically through the Services: Data is collected automatically from your device using cookies and similar technologies (such as Google Analytics) while browsing the website.
-
From Our Service Providers and Partners: Logistics and payment partners who enable the technical execution of your order.
3. How We Use Your Personal Data (Purpose of Processing)
We use your personal data for the following lawful purposes:
-
Performance of a Contract and Order Fulfillment: Payment processing, fulfillment of orders (especially the manual production and customization of items), arranging delivery with courier services, sending order status notifications, and processing eventual returns and complaints.
-
Customer Support: Responding to your inquiries and maintaining a quality business relationship with you.
-
Security and Fraud Prevention: Verifying account authenticity, ensuring secure payments, and detecting malicious or illegal activities.
-
Legal Compliance: Complying with the applicable laws of the Republic of Croatia (e.g., issuing fiscal invoices and fulfilling accounting obligations in accordance with the Civil Obligations Act and the Consumer Protection Act).
4. Special Provision on Newsletter and Marketing
Dada&Rocco uses your email address to send marketing, advertising, and promotional communications (newsletters) solely on the basis of your voluntary and explicit consent.
-
Method of Collection: You provide consent by actively entering your email address into the dedicated newsletter form on our website or by voluntarily ticking the checkbox to receive marketing notifications during checkout. The consent checkbox is not pre-ticked.
-
Processing Platforms: For the technical management and distribution of newsletters, we may use trusted external marketing platforms integrated with the Shopify system.
-
Right to Withdraw (Unsubscribe): You can withdraw your consent to receive the newsletter at any time, free of charge. Unsubscribing is done by clicking the "Unsubscribe" link located at the bottom of each newsletter received, or by sending a written request to our email address: info@dadaandrocco.com. Unsubscribing from the newsletter does not affect the receipt of system messages related to your open orders.
5. How and with Whom We Share Your Data (Third-Party Disclosure)
We do not sell or rent your personal data. We share it exclusively with trusted partners for the purpose of executing contracts and enabling the operation of the web shop:
-
Shopify Platform: Our technical service provider that hosts our store and processes data on our behalf.
-
Delivery Services: We share your name, address, and phone number with GLS Croatia d.d. and DPD Croatia d.o.o. so that couriers can successfully deliver your package and send you an SMS delivery announcement.
-
Payment System: Your billing data is forwarded to the CorvusPay system for secure authorization and card billing.
-
Analytical Tools: We use Google Analytics for anonymized traffic analysis and to improve the user experience.
6. Security, Retention, and International Data Transfer
No security measure on the internet is 100% impenetrable, but we take all commercially and legally justifiable technical and organizational measures to protect your data (SSL encryption, secure integrations).
-
Retention Period: We retain your data for as long as necessary to provide the services, maintain your account, comply with legal and accounting obligations in the Republic of Croatia (e.g., the obligation to retain invoices), or resolve disputes. Newsletter data is kept until the moment you unsubscribe.
-
International Transfer: Since we use the Shopify platform, your data may be transferred to and stored outside the European Economic Area (EEA). In such cases, the transfer is based on recognized protection mechanisms, such as the European Commission's Standard Contractual Clauses.
7. Your Rights Under the GDPR
If you are a resident of the European Economic Area (EEA), you have the following rights regarding your personal data:
-
Right of Access / Information: The right to confirm whether your data is being processed and to access the stored data.
-
Right to Rectification: The right to request the correction of inaccurate or incomplete data without undue delay.
-
Right to Erasure ("Right to be Forgotten"): The right to have data deleted if it is no longer necessary for the purpose it was collected, or if you withdraw your consent (provided there is no other legal basis for processing, such as accounting laws).
-
Right to Restriction and Objection to Processing: The right to request that we stop or restrict the processing of your data in certain situations.
-
Right to Data Portability: The right to receive your data in a structured, commonly used format for transmission to a third party.
-
Right to Withdraw Consent: The right to withdraw your given consent at any time (e.g., for the newsletter).
You can exercise any of these rights by sending a written request to our official email address: info@dadaandrocco.com. We will not discriminate against you for exercising your rights. For security purposes, we may request confirmation of your identity before processing your request.
8. Complaints and Supervisory Authority
If you believe that the processing of your personal data violates GDPR provisions, please contact us first so we can resolve the issue as quickly as possible.
Furthermore, you have the full right to lodge a complaint with the competent national data protection authority. In the Republic of Croatia, this is the Croatian Personal Data Protection Agency: Agencija za zaštitu osobnih podataka (AZOP), Selska cesta 136, 10000 Zagreb, www.azop.hr.
9. Data Controller and Contact Information
For any questions regarding this Privacy Policy, your rights, or data protection practices, you can contact the Data Controller directly:
-
Company: Dada&Rocco d.o.o.
-
Address: Put Kriza 15, 21400 Supetar, Croatia
-
Official Privacy Email: info@dadaandrocco.com
-
Phone: 00385916135433

