Privacy Policy

Last updated: 18/02/2026

This Privacy Policy describes how Luminastart j.d.o.o., Drašnička ulica 6, 10000 Zagreb, Croatia, VAT ID: HR60810227735 (“we”, “us”, “our”) collects, uses and protects your personal data when you visit or make a purchase from www.irenart.studio(the “Site”).

For the purposes of GDPR, Luminastart j.d.o.o. is the Data Controller of your personal data.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. WHAT PERSONAL DATA WE COLLECT

Depending on how you interact with our Site, we may collect:

1.1 Information you provide directly

  • Full name

  • Billing and shipping address

  • Email address

  • Phone number

  • Order details

  • Payment confirmation details

  • Communication messages

1.2 Automatically collected information

  • IP address

  • Device and browser type

  • Usage data

  • Pages visited

  • Interaction data

  • Cookies and tracking technologies

2. LEGAL BASIS FOR PROCESSING (GDPR – ARTICLE 6)

We process your personal data based on:

  • Performance of a contract (processing orders, shipping, payments)

  • Legal obligations (accounting, tax, fiscalization – e-Računi)

  • Legitimate interests (security, fraud prevention, website improvement)

  • Consent (newsletter subscription, marketing emails, cookies)

You may withdraw consent at any time.

3. HOW WE USE YOUR DATA

We use your data to:

  • Process and fulfill orders

  • Arrange shipping

  • Issue invoices (including fiscalized invoices via e-Računi system)

  • Process payments via Shopify Payments, Stripe and PayPal

  • Provide customer support

  • Send transactional emails

  • Send marketing emails (only with consent)

  • Improve website functionality

  • Prevent fraud

4. THIRD-PARTY SERVICE PROVIDERS

We use trusted third-party service providers who process personal data on our behalf:

4.1 Shopify

Our store is hosted on Shopify Inc., which provides the e-commerce platform.

4.2 Payment Processors

Payments are securely processed by:

  • Shopify Payments

  • Stripe

  • PayPal

We do not store full credit card information.

4.3 Email Marketing – MailerLite

If you subscribe to our newsletter, your email address and related data are processed by MailerLite, our email marketing provider.

You can unsubscribe at any time via the unsubscribe link in any email.

4.4 Accounting & Fiscalization – e-Računi

To comply with Croatian accounting and tax regulations, invoice data may be processed through the e-Računi system for fiscalization and legal compliance.

This processing is required by law.

4.5 Shipping Providers

We share necessary delivery data (name, address, phone number) with courier services for shipment purposes.

5. COOKIES AND TRACKING TECHNOLOGIES

We use cookies to:

  • Enable core website functionality

  • Remember preferences

  • Analyze traffic

  • Improve user experience

Cookies may be set by:

  • Shopify

  • Analytics providers

  • Marketing platforms

You can manage cookie preferences through your browser settings or cookie banner.

Blocking cookies may affect website functionality.

6. DATA RETENTION

We retain personal data only as long as necessary:

  • Order and invoice data: as required by Croatian accounting law (minimum 11 years)

  • Marketing data: until you withdraw consent

  • Customer service communications: as long as necessary to resolve issues

7. YOUR RIGHTS UNDER GDPR

You have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request deletion

  • Restrict processing

  • Data portability

  • Withdraw consent

  • Object to processing

  • Lodge a complaint with the Croatian Data Protection Authority (AZOP)

8. INTERNATIONAL TRANSFERS

Some service providers (e.g. Shopify, Stripe) may process data outside the EU.

Where required, transfers are protected by:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

  • Other lawful safeguards

9. DATA SECURITY

We implement appropriate technical and organizational measures to protect personal data.

However, no internet transmission is completely secure.

Payment data is encrypted and processed through PCI-DSS compliant providers.

10. CHILDREN

Our Services are not directed to individuals under 18.

We do not knowingly collect personal data from children.

11. CONTACT

For any privacy-related questions:

Luminastart j.d.o.o.
Drašnička ulica 6
10000 Zagreb, Croatia

info@irenart.studio