Matinata | Privacy Policy
  • Free shipping: Europe over €100 and Croatia over HRK 300

  • Subscribe and get -15% for the first order

Privacy Policy

Effective Date: November 10, 2020

Primrose d.o.o., Jarunska 27, OIB: ("Primrose") with this Privacy Policy regulates the data collection activities as well as data usage when using the website, which is the ownership of Primrose. Primrose acts as the data controller in terms of the General Data Protection Regulation ("Data controller") and determines the purpose and means of the processing of personal data. The purpose of this Privacy Policy is to provide users of website with information about the procedure of collecting and processing personal data when using the website, define Data controller, define data recipients (persons to whom data are transferred following the contract and legal provisions), define personal data that we process, for what purposes and for how long we store this information about cookies.

For this Privacy Policy, the name "user" is a common name for users of the website and customers in the online store, which are defined in the General Terms of Use of webshop.

Data collection

Personal data is any data related to a person whose identity is known or can be identified. Personal data is considered to be the user's identification data, i.e. data that Data controller collects and processes during the use of the website. Personal data is collected exclusively based on the voluntary provision of such information by users of the website/webshop, such as filling out a form when ordering products or when subscribing to the newsletter. Additionally, non-personal information and data may be automatically collected through online cookies.

For business purposes, the Data controller collects the following data:

• name and surname
• address of residence
• e-mail address
• contact phone number
• delivery address (if different from the address of residence)

Data controller is obliged to respect the anonymity and privacy of the e-commerce services users and will use and process the data exclusively for the purpose and purpose determined by this Privacy Policy.

If the user is under the age of 16, he or she must notify the parent or guardian about this Privacy Policy for the Data controller to get their consent to the use of the user’s personal information.

Data processing

Data controller uses user's data for the following purposes:

Order processing and fulfilment of contractual obligation

Data controller collects the data during products ordering within webshop. The following data is collected: identity data, contact information, shipment information, information about payment type and the other data necessary for transaction processing. The website does not record the user's credit card number or store transaction data and uses third-party services to encrypt credit cards to protect the user's data.

Website improvement

Data controller’s web server automatically records the technical user data below for the proper display of the website, for security purposes, and to analyze the website's performance. When accessing the website, Data controller’s web server temporarily stores the domain name or IP address of the accessing computer, as well as the access date, file queries by website visitors, browser type, HTTP or HTTPS return code, and file size transferred during the visit.

Fulfilment of legal obligations

Data controller processes the user's data to fulfil tax, accounting and other legal obligations. Also, the user personal data are processed in some instances prescribed by law, i.e. in cases when Data controller is obliged to do so by a court or other binding decision.

With the consent of the user

In certain situations, Data controller may request the user's consent for the processing of his/her data (for the use of certain cookies; in the case of subscribing to the newsletter). At any time, the user will have the option to withdraw the said consent.

Your data will not be used for purposes other than those listed above, without notifying you and requesting consent in some instances where necessary.

Protecting the privacy of personal data

Data controller is obliged to protect the privacy of all users’ personal data on the website and undertakes to treat them under the Personal Data Protection Act or any other applicable regulations in the Republic of Croatia. Data controller may not use the users’ personal data without their authorization or make them available to third parties, except in cases where a special law allows it or is necessary for fulfilling contractual obligations, as stated above.

Statement on personal data collection

By purchasing products in the online store, I give my consent that the company Primrose d.o.o. as Data controller following the General Data Protection Regulation and its business partners as Data processors defined by the General Data Protection Regulation, collect, process and mutually transfer and exchange the following data (hereinafter: data processing): data about my orders (name and surname, address, postal code, city, country, telephone number, e-mail address and delivery data, the same as specified or other if different from the specified data) and data required to receive the newsletter (e-mail address).
I give the mentioned consent for data processing for the purpose of payments processing and delivery of the ordered product.
I am aware of the right to withdraw this statement of consent in full at any time. Withdrawal of the statement of consent will completely stop the processing of my data.

Providing personal data to third parties

The users' personal data is protected under the Personal Data Protection Act, and the Data controller will not make them available to third parties in any way, except for the above-mentioned purposes. The Data controller forwards the necessary personal data exclusively to business partners for the realization of the delivery of the user's order. The user has the right to request the correction, amendment, or supplementation of inaccurate or incomplete data and for all questions regarding the protection of personal data may contact the Data controller.
The Data controller guarantees that the e-mail address and other data of the user will not be made available to third legal and natural persons without his consent. The delivery service, authorized services of the executive power of the Republic of Croatia, is exempted from the above for the needs of investigative actions based on a valid court order, to perform the service, protect the interests of users and the Data controller and preventing possible abuses.
The Data controller does not record or store the user's transaction data required for card payments. The credit card processing manager uses the services of a third party (WS Pay and PayPal) that encrypts the user's data.

Cookies website uses cookies to provide a better user experience, analyze traffic and store data on orders. By continuing to use the website, you confirm your consent to the use of cookies.

Cookies are small text files that Primrose sends to the user's computer and is stored on the computer at the time of viewing the website, which Primrose later has access to. They enable easier use as they save user settings for a website (language or address) and reactivate them when you restart. Cookies stored on a computer can be accessed by Primrose when a user visits the website or opens an email sent by Primrose. Thanks to them, Primrose can show users relevant results.

The most important cookies we use are:
• Strictly necessary cookies. They are required to ensure the operation of the website from a technical perspective.
• Functional cookies. They help us improve the user experience by remembering his choices.
• Targeted cookies. These cookies are used by Primrose to place ads on other pages visited by the user or to avoid the ad appearing to a user who is familiar with Primrose.

The Data controller processes cookies only with your consent. To withdraw consent or consent to the use of cookies, select the appropriate settings in your browser. However, certain functions of the website may not work without cookies.

Protection of your data

The Data controller shall take appropriate physical, technical and organizational measures to protect the user's personal data from unauthorized access, destruction, alteration, disclosure or use in any other way, to ensure the privacy and security of personal data given to him. Access to personal data of users is limited only to those employees who need to know the information to fulfil a contractual obligation or provide another service.

Unfortunately, no data transmission over the Internet is entirely secure and, therefore, the Data controller cannot guarantee the protection of any information transmitted to the site, and is not responsible for any misuse by a third party who receives such information.

Data storage and data-keeping period

The Data controller will keep personal data as long as necessary for the above purposes or until the statutory deadline. After this time, personal data will be destroyed, deleted, or made anonymous in a way that ensures that the security of personal data is maintained.

User rights

The right to access personal data

The user has the right to ask the Data controller about the purposes he uses his data for, and right to access such personal data. Also, the user has the right to know the purpose of his data processing, the categories of personal data stored, the third parties with whom his personal data is shared, how long his personal data is kept and who is the source of his personal data (in such case if the Data controller did not obtain personal data from the user).

If you would like to know if the Data controller has your personal data, the purpose of the personal data processing, with whom your personal data is shared or if you wish to access the personal data we have about you, please contact us at

The right to correct personal data

The user has the right to ask the Data controller to correct or remove incorrectly entered data or such data that are no longer valid (obsolete).

The right to delete personal data

The user has the right to ask the Data controller to stop processing his data or delete personal data in his possession. However, if the mentioned personal data is necessary for the performance of certain contractual obligations of the Data controller towards the user, the Data controller may not be able to perform such contractual obligations. Also, if the stated personal data is necessary for compliance with legal obligations by the Data controller, it will not be possible to resolve the user's request.

The right to limit the processing of your personal data

The user has the right to request from the Data controller limited processing of personal data if user disputes the accuracy of personal data or if the processing is illegal or the Data controller no longer needs personal data for processing purposes, but the user requests them to set, implement or defend legal claims, or user filed an objection to the processing of personal data, awaiting confirmation of the legitimate reasons of the Data controller that go beyond the user's reasons.

In the case of limited processing of personal data, such personal data may be processed only with the consent of the user, except in exceptional cases, such as storage, setting, realization or defence of legal claims, protection of the rights of another private or legal entity or in the public interest of the EU state member.

The right to object personal data handling

The user has the right to object to the way personal data is processed, according to the legal grounds that the Data controller considers legitimate. Additionally, the user has the right to object to the way personal data is processed for the purpose of direct marketing.

The right to transfer personal data

If the processing is based on the consent of the user or is performed by automated means, the user has the right to request from the Data controller the transfer of user’s data to another Data controller for personal data processing.

The right to complain to the legal authority

The user has the right to personally contact the Personal Data Protection Agency in case of dissatisfaction with the method of collecting and processing user’s personal data.

Accuracy of personal data

The Data controller shall take reasonable steps to ensure that the personal data it collects is relevant to the purposes for which they will be used and that they are accurate and complete. However, in some cases, the Data controller must rely on users to provide personal information that is accurate and true.

When providing personal data, the user guarantees that the information provided is complete, correct, accurate and up-to-date.

Confidentiality statement

This privacy statement applies to data confidentiality of data contained in website and collected through the use of this site.
All user data is strictly kept and is available only to authorized persons of the Data controller who need this data to perform the work.
By accessing or using our website, the user confirms that he/she has read, understood and agrees to all terms of data confidentiality, Privacy Policy and ways of using the website.
If the user does not agree with this Privacy Statement and Privacy Policy, the user is instructed not to use the website.

Privacy Policy Changes

The Data controller reserves the right to change this Privacy Policy at any time and instructs the user to visit the website from time to time to determine if any changes have been made. The date of the last change written at the beginning of this Privacy Policy will be relevant.