Shopping Cart

Privacy Policy

Data protection information

NITUI GROUP d.o.o. acts as the controller of personal data and collects it for sales contract fulfillment, product delivery, sales documentation, technical support and credit or debit card payment authorization for which legal basis is laid down in Article 6(1)(b) of the General Data Protection Regulation. In other words, data processing is necessary for contract fulfillment in which the data subject is a party or in order to take action on the data subject’s request before the contract is concluded.

Furthermore, personal data is processed in order to store orders made by the buyers, to identify specific users and to analyse business activity for which the basis is laid down in Article 6(1)(f) of the General Data Protection Regulation, since data processing is necessary for the need to legitimately improve business activity and adapt according to the market needs.
In special cases, if you have given us your permission, your contact data can be used for direct marketing for which the legal basis is laid down in Article 6(1)(a) which states that the data subject has given their consent for personal data processing for one or more specific purposes.

With this privacy statement’s entry into force it is possible for existing users to receive an email from us in which you are asked to agree to receive our notifications via email, phone, SMS or e-messages because we cannot validate or locate in the archive your preferred method of contact, so we kindly ask of you to give us permission clearly and unambiguously if you want to continue receiving our promotions, or we will not be able to continue messaging you about them.

If you as a user have any questions regarding personal data protection, you can contact NITUI GROUP d.o.o., located in Zagreb, Horvacanska 156, directly, or you can contact our data protection support via:

The user as a data subject is responsible and obligated to browse and study  before sharing any personal data.


Processed personal data and personal data usage

On our website ,  NITUI GROUP d.o.o. collects the following personal subject data:

  • name and surname,
    telephone number,
    email address,
    shipping address,
    billing address,
    postal code,
    date of birth,
    company and personal identification number (companies only).

Insight into personal user data can be granted to, when conducting their scope of work concerning buying and selling which users make with NITUI GROUP d.o.o., legal persons that take part in sales contract fulfillment, for example delivery agencies, accounting agencies, IT support and similar with whom we determine the scope and the means of personal data protection through contractual agreements.

NITUI GROUP d.o.o. can give the listed information to third parties in order to fulfill the contract, protect the users’ and NITUI GROUP d.o.o.’s interests and to stop the potential abuse, in order to get the best possible insight and understanding into individual user needs and requests, as well as to develop the highest possible quality of service provision by NITUI GROUP d.o.o., which should result in increased user satisfaction for which legal basis is the legitimate interest of the controller described in Article 6(1)(f) of the General Data Protection Regulation.


Personal data storage

NITUI GROUP d.o.o. will ensure that the personal user data is kept on a safe location (which includes a reasonable administrative, technical and physical protection in order to prevent unauthorized use, access, disclosure, copying or modification of personal data), access to which will be granted only to authorized NITUI GROUP d.o.o. personnel.

NITUI GROUP d.o.o. does not record or store users’ transaction data needed for card payment.  NITUI GROUP d.o.o. will protect personal data to the extent laid down in specific legal regulations (for example, data on financial transactions is stored for 11 years, as laid down by the Accounting Act) or until the right to use the data is repealed as per the data subjects’ wish if it does not interfere with the legal regulations.

The controller has taken the technical, personnel and organisational personal data protection measures necessary to protect personal data from accidental loss or destruction and from unauthorized access, modification, publication or any other form of abuse and has determined that it is the obligation of data processing personnel to sign a non-disclosure agreement.


Information regarding your rights

In accordance with applicable regulations on data privacy protection, you have the following rights:

The right to information on your stored personal data
The right to request corrections, erasure or restricted use of your personal data
The right to objection to data processing for our own legitimate interest, public interest or profiling, except if we can prove that there are convincing, justified reasons above your interests, rights and freedoms, or that such processing is carried out because of validation, application or defense of legal requirements
The right of data transmission
The right to file a complaint to the Personal Data Protection Agency
At any point in time you can withdraw your consent regarding your personal data collection, processing or usage. For further info, read above to find out more on data processing based on your consent.
If you have any questions regarding your rights, you can contact our data protection support at:

You will receive a response no later than 30 days after the filing date.

Data protection

NITUI GROUP d.o.o. finds personal data protection extremely important and has taken a number of precautions in order to protect the users’ personal data. The users can access their personal data on  with a password and an email address.


Links to other websites

This Data Protection Information applies only to usage of data that NITUI GROUP d.o.o. collects from data subjects. Other websites that can be accessed via  have their own confidentiality agreements and privacy policies. If a user visits another website through , NITUI GROUP d.o.o. advises users to check the data confidentiality agreement of the website, since NITUI GROUP d.o.o. is not responsible for conditions of work of other websites.

Other data

Together with personal data, NITUI GROUP d.o.o. can gather users’ data that cannot be used to identify them, and are not considered to be personal data (such as data related to website usage, data about user’s computer, internet service provider, preferences, hobbies, interests, activities), that help NITUI GROUP d.o.o. to design data presented to its users with better quality, accuracy and personal touch, to improve the website and for additional managing and adjustment of its content in order to meet user’s needs. Based on this data, NITUI GROUP  d.o.o. learns what content is more popular with certain types of users.

Information Security & Technical and Organisational Measures

NITUI obrt za trgovinu takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:

  • SSL

  • Access Control

  • Password Policy

  • Coding

  • Pseudonymisation

  • practices

  • Limitations

  • IT

  • Authentication


GDPR Roles and Employees

NITUI GROUP d.o.o. have designated Karmen Kroflin as our Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organization, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.