Privacy policy

Last updated: August 12, 2025

1) Who we are (Controller)

This website is operated by KREIVA projekt d.o.o. (“we”, “us”, “our”).
Registered office: Ulica Ivana Banjavčića 5, 10000 Zagreb, Croatia
Company number (MBS): 05878071
Email (all inquiries & privacy requests): contact@scar-wood.com
Data Protection Officer (DPO): contact@scar-wood.com

This Policy explains how we process personal data when you visit or purchase from our websites at scar-wood.com, scar-wood.de, scar-wood.nl, and scar-wood.eu (collectively, the “Site”).

2) What data we collect

Data you provide

  • Account and order details (name, billing/shipping address, email, phone).
  • Order contents, delivery preferences, returns/exchanges.
  • Messages you send us (email/support forms/social media).
  • Marketing preferences (e.g., newsletter opt-in) if you choose to subscribe.

Data collected automatically

  • Device/usage data (pages viewed, clicks, scrolls, time on page, referring URL, browser/OS).
  • Approximate location (country/city derived from IP at request time).
  • Cookies and similar technologies (see Cookies & analytics).

Payment data

We do not store full card details. Payments are processed securely by our providers:

  • CorvusPay,
  • Shopify Payments (which may enable Apple Pay and Google Pay), and
  • PayPal.

These providers receive your payment information directly and process it as independent controllers under their own privacy policies.

Data from partners

  • Delivery partner: GLS (delivery status and confirmations).
  • Anti-fraud/abuse services and IT/security providers.
  • Analytics/advertising partners (only if you consent to those cookies).

3) Purposes and legal bases (GDPR)

  • Provide the store and fulfill orders (account creation, checkout, delivery, returns, support).
    Legal basis: contract performance (Art. 6(1)(b)).

  • Customer support, troubleshooting, fraud prevention, and security.
    Legal basis: legitimate interests (Art. 6(1)(f)).

  • Analytics and site optimization (understand and improve how the Site is used).
    Legal basis: your consent (Art. 6(1)(a)).

  • Marketing and advertising (personalized ads; email/SMS where applicable).
    Legal basis: your consent (Art. 6(1)(a)). You can withdraw at any time.

  • Compliance (tax, accounting, legal obligations).
    Legal basis: legal obligation (Art. 6(1)(c)).

4) Cookies & analytics (consent managed)

We use a cookie banner and Cookie preferences panel. Only Strictly necessary cookies are set by default. Analytics and Marketing cookies run only if you opt in. You can change choices anytime via the Cookie preferences link in the footer.

Categories

  • Strictly necessary – essential for core features (navigation, cart, checkout, security).
  • Preferences – remember choices such as language/currency.
  • Analytics – help us improve the Site (see GA4 & Clarity below).
  • Marketing – measure campaigns and show more relevant advertising.

Google Analytics 4 (GA4)

Used for aggregate usage statistics. GA4 does not log or store individual IP addresses. For EU traffic, IP-based geo-lookups and initial processing are performed on EU-based domains/servers; the IP is discarded after coarse geo-derivation. We may disable Google Signals and granular location/device data by region as appropriate. GA4 runs only after Analytics consent.

Retention: event-level data currently retained up to 14 months.

Microsoft Clarity (session insights)

Used to understand behavior (e.g., heatmaps and session replays) to improve usability and detect issues/fraud. Clarity uses first- and third-party cookies/technologies; personal input fields in recordings are masked by default. Microsoft may process certain data as an independent controller (see Microsoft Privacy Statement). Clarity runs only after Analytics consent.

Retention: session data retained up to 12 months (subject to Microsoft settings).

5) Sharing your data

We share personal data only with:

  • Platform: Shopify (store hosting, checkout, infrastructure).
  • Payments: CorvusPay, Shopify Payments (incl. Apple Pay/Google Pay), PayPal.
  • Delivery: GLS and other couriers as needed for your order.
  • Analytics/ads: Google (GA4), Microsoft (Clarity), and ad platforms you explicitly consent to.
  • Professional services: IT/security, accountants, advisors (under confidentiality).
  • Authorities where required by law or to protect rights/safety.

We require processors acting on our behalf to protect personal data under written contracts.

6) International transfers

Some providers may process data outside the EEA/UK (e.g., the United States). Where this occurs, we rely on Standard Contractual Clauses (SCCs) and additional safeguards or an applicable adequacy decision.

7) How long we keep data

  • Orders, invoices, tax records: up to 10 years (legal obligation).
  • Accounts and support messages: for as long as your account is active and for a reasonable period thereafter.
  • Marketing data: until you withdraw consent or unsubscribe.
  • Analytics/Clarity: per the retention periods listed above.

8) Your rights (EU/EEA)

You can request:

  • access to your data;
  • correction or deletion;
  • restriction of processing;
  • data portability;
  • objection to processing based on legitimate interests;
  • withdrawal of consent at any time (affects future processing only).

To exercise rights, contact contact@scar-wood.com. You also have the right to lodge a complaint with your local data protection authority. In Croatia: AZOP – Agencija za zaštitu osobnih podataka.

9) Children

Our Site is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided personal data, please contact us so we can delete it.

10) Security

We implement appropriate technical and organizational measures (encryption in transit, access controls, least-privilege access, monitoring, vendor due diligence). No method of transmission is 100% secure, but we work to safeguard your information.

11) Third-party links

Our Site may link to third-party websites or services that have their own privacy policies. We are not responsible for their practices.

12) How to manage your choices

You can adjust non-essential cookies at any time via Cookie preferences in the footer. For marketing emails, use the unsubscribe link in any message. You can also contact contact@scar-wood.com to withdraw consent.

13) Changes to this Policy

We may update this Policy from time to time. Updates will be posted here with a new “Last updated” date. Material changes may also be announced on the Site or by email.

14) Contact

Questions about this Policy or your personal data?
KREIVA projekt d.o.o.
Ulica Ivana Banjavčića 5, 10000 Zagreb, Croatia
Email: contact@scar-wood.com