Privacy policy

Data Protection Notice

Below, we provide detailed information on how your personal data is processed by Centella j.d.o.o., operating under the name “theatrum” (hereinafter referred to as “we” or “data controller”), in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

Please carefully review our data protection notice. If you have any additional questions or concerns regarding our data protection policy, feel free to contact us via email at dpo@theatrumbarandfood.com.

1. Data Controller Information

This data protection notice applies to data processing carried out by:

    • Company Name: Prazer j.d.o.o.

    • Headquarters: Slavonska 15, Split

    • Company ID (MBO): 05570972

    • Tax ID (OIB): HR24797979524

    • IBAN: HR8724020061100865721

    • Court of Registration: Commercial Court in Split

    • Share Capital: Fully paid

    • Bank: Erste&Steiermärkische Bank d.d.

    • Bank Headquarters: Jadranski trg 3A, 51000 Rijeka, Croatia

Contact Information of the Data Controller:

    • Email: dpo@theatrumbarandfood.com

This document applies to the following websites and applications: www.theatrumbarandfood.com.

2. Data Protection Officer Information

You can reach the data protection officer(s) of the data controller at:

    • Company Name: Centella j.d.o.o.

    • Headquarters: Valpovačka 15, Split

    • Company ID (MBO): 04872550

    • Tax ID (OIB): HR58658764955

Contact Information of the Data Protection Officer:

    • Email: dpo@theatrumbarandfood.com

3. Purposes, Legal Bases, and Legitimate Interests for Data Processing

3.1. Accessing Our Website/Application

3.1.1. Log Files

When you access our website or application, your internet browser automatically sends certain information to our server. This information is temporarily stored in protocol files, known as log files. This process is standard practice in the internet industry to ensure the proper functioning of the site, provide additional security measures, and gather analytical data.

The data stored includes, but is not limited to:

    • Date and time of access

    • Name of the visited page or resource

    • IP address of your device

    • Referrer URL (the web address from which you were redirected to our site or application)

    • Amount of data transmitted

    • Time needed to load the page or resource

    • Detailed information about the version and type of your internet browser

    • Name of your internet service provider

This information is collected to ensure the smooth operation of our digital services, for analytical purposes, and to enhance security for users. The legal basis for processing this data, particularly the IP address, is Article 6(1)(f) of the GDPR. According to this regulation, such data processing is permitted if there is a legitimate interest of the party collecting it. In this context, our legitimate interest arises from the need to provide a secure and functional digital experience for all our users.

When analyzing the stored information, it is not possible to directly infer your personal identity. The information is retained only as long as it serves the purpose for which it was collected and is automatically deleted afterward. Deletion periods are precisely defined based on necessity and relevance criteria, thereby ensuring compliance with the data minimization principles under data protection laws.

3.1.2. Cookie Recording, Tracking, Social Media Functions

On our website or application, we use sophisticated technologies such as cookies, tracking tools, targeting processes, and integrated social media functionalities. To ensure complete transparency and understanding of how and why we use these technologies, as well as the specific data we process, each of these processes will be detailed in the following sections.

3.2. Establishment, Execution, and/or Termination of a Contract

3.2.1. Data Processing When Concluding a Contract

If you decide to create a user account on our website or application or if you enter into any form of contract with us, we process the necessary information to formalize, execute, or terminate the contract. This includes:

    • First and last name

    • Billing and shipping address

    • Email address

    • Financial data for invoicing and payment processing

    • Date of birth

    • Contact phone number

This processing is based on Article 6(1)(a) and (b) of the GDPR. In other words, you provide us with this data based on the contractual relationship you have established with us, whether it is a user account or a transaction. Additionally, if you choose to make a purchase through our platform, we are legally obliged to send you an electronic order confirmation, which is based on Article 6(1)(c) of the GDPR.

Unless we use your data for marketing purposes (details in section 3.3), we retain the information collected during the duration of the contractual relationship, as well as until the expiration of legal or potential contractual guarantees. After this period, the contract-related information required under commercial and tax regulations is retained for a specified time. During this period, the only entity that may access the data is the Tax Administration, in case of an audit.

To execute transactions through our platform, additional data processing is required:

    • Your financial information is forwarded to an authorized payment service provider for transaction execution.

    • Your delivery address is shared with the logistics company and delivery partner to ensure correct product delivery. To ensure proper delivery and possible product returns in line with your preferences, we may share your email address and contact phone number with the logistics partner. This enables the logistics partner to coordinate delivery or return details with you. This information is used solely for these purposes and is deleted after the delivery or return is completed.

3.2.2. Use of Data for Fraud Prevention

During the ordering process, we analyze the data you provide to identify any unconventional or suspicious activities. This includes, but is not limited to, situations such as ordering unusually large quantities of products to the same address using multiple user accounts. Such analysis represents our legitimate interest in maintaining the integrity of transactions and ensuring reliable business practices. The legal basis for this type of data processing is based on the provisions of Article 6(1)(f) of the GDPR.

3.2.3. Data Transfer to Service Providers for Transportation

To guarantee seamless delivery or efficient return of ordered items, we have established partnerships with reputable logistics service providers, transportation companies, and partners specialized in shipment distribution. To ensure the fluidity of the delivery or return process, we allow certain collaborators access to essential information such as your name, postal address, and, if necessary, your email address and phone number. The legal basis for such processing of personal data derives from Article 6(1)(b) of the GDPR.

3.3. Data Processing for Promotional Purposes

3.3.1. Postal Marketing

In an effort to provide you with the most relevant information and offers tailored to your interests, we recognize and value the legitimate interest in using your data for marketing purposes. As part of our marketing activities and collaborations with third parties in marketing initiatives, we process the following personal data: first name, last name, postal address, and year of birth.

In accordance with the applicable legal framework, we retain the right to store the aforementioned data in order to effectively use it for improving our marketing campaigns, as well as for promotions in collaboration with partners. Our goal is to continually optimize marketing messages so that you receive only the information that is relevant to you, ensuring that you are not exposed to unnecessary content. In this context, we emphasize that your data will not be shared with unauthorized third parties.

As an additional layer of protection for your privacy, our company “theatrum” implements pseudonymization and anonymization procedures for the collected data. Such processed data is used in both our marketing activities and for the marketing purposes of our partner entities, enabling personalized online interaction. The management of such specific marketing activities may be assigned to specialized service providers or marketing agencies. Our legal basis for this type of data processing derives from Article 6(1)(f) of the GDPR.

Right to Object

We emphasize your right to object to the use of your personal data for the aforementioned marketing purposes. You have the option to object to such processing at any time, free of charge, with effect for the future by emailing: dpo@theatrumbarandfood.com

If you choose to express your objection, we will ensure that your data is taken out of use for further marketing activities. However, we would like to inform you that due to technical requirements in data processing, there may be exceptional situations where you may still receive promotional material after submitting your objection. Such a situation results from the necessary preparation for data selection and does not imply that we have not acted on your request.

3.3.2. Newsletter

On our website and applications, we provide you with the option to subscribe to our newsletter. To ensure the accuracy of the entered email address and to prevent potential errors, we use the double opt-in procedure (DOI). After you enter your email address in the provided field and express your desire to receive our newsletter, we send you a confirmation link to the entered email address. Your email address will be included in our distribution list for sending newsletters only after you confirm your subscription via the sent link. The legal basis for this processing of your data is Article 6(1)(a) of the GDPR.

Right to Withdraw

You have the right to withdraw your consent at any time with effect for future interactions. You can do this by sending a notice to dpo@theatrumbarandfood.com

3.3.3. Product Recommendations via Email

As a valued customer of our online store, we regularly send you product recommendations via email. These suggestions are provided independently of your subscription to our newsletter. To offer personalized recommendations, we use the email address you provided during previous purchases. This allows us to highlight products and/or services similar to those you have previously selected or purchased from us. The legal basis for processing your data in this way is based on Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Right to Object

If you no longer wish to receive our product recommendations in the future, you have the right to object at any time. You can do so by sending a notice to dpo@theatrumbarandfood.com or via the unsubscribe link available at the end of each of our product recommendation emails. Please note that this opt-out will not incur any additional costs beyond the standard data transmission charges as per the applicable tariffs of your internet service provider.

3.3.4. Sweepstakes and Contests

If you have entered a sweepstake or contest organized by Theatrum, the information you provided during the entry process will be used to ensure the smooth execution of the participation contract. This includes notifying you of any winnings and possibly promoting our or our partner companies’ offers related to the sweepstake. Specific details regarding the processing and use of your data can be found in the participation rules for the particular sweepstake you entered. The legal basis for processing your data is based on Article 6(1)(a), (b), and (f) of the General Data Protection Regulation (GDPR).

3.4. Digital Analytics

3.4.1 General Information About Cookies

Our website uses “cookies” technology to optimize user experience, enable certain functionalities, and track user visits and activities on our webshop. Cookies are small text files that your web browser automatically generates and stores on your device (whether it’s a computer, tablet, or smartphone) when you visit our site. It’s important to note that these files are not harmful to your device and do not contain malicious content like viruses or trojans.

Using cookies allows us to store information related to your device, but this does not mean we have access to your personal data or can identify you. For example, cookies enable us to keep track of the contents of your cart while you browse different parts of our site, helping us provide you with a better user experience and easier shopping process.

Some cookies are deleted after you end your session and close your browser (so-called session cookies). Other cookies, such as those that remember your settings or items in your cart, may remain stored on your device even after the session ends (so-called persistent cookies). This type of cookie allows us to recognize you during your next visit, contributing to a more personalized user experience.

We understand the importance of privacy and allow you to adjust or disable the use of cookies through your web browser settings. Most modern browsers offer options for managing cookies, including the ability to disable or delete them. For more information on managing cookies, visit the “Help” or “Settings” section of your chosen browser.

3.4.2 Managing Cookies in Different Browsers

To provide you with the best possible browsing experience on our website and ensure full functionality, we use cookies. Below are detailed instructions on how to manage cookies in different internet browsers.

Internet Explorer:

    1. Open the menu and select “Additional Features,” then choose “Internet Options.”

    1. In the next step, click on “Privacy.”

    1. Security settings for a specific internet zone will open. Here you can choose whether to accept or reject cookies.

    1. After adjusting the settings according to your preferences, confirm your choice by clicking “OK.”

Firefox:

    1. In the main menu, select “Additional Features,” then click on “Settings.”

    1. In the next step, select “Privacy.”

    1. In the drop-down menu, select the option “Generate according to user-defined settings.”

    1. Now you can choose whether to accept cookies, how long to keep cookies, and add exceptions for specific websites.

    1. After adjusting the settings, confirm your choice by clicking “OK.”

Google Chrome:

    1. Click on the Chrome menu located on the browser toolbar.

    1. Then select “Settings” and click on “Show advanced settings.”

    1. In the “Privacy” section, click on “Content settings.”

    1. In the “Cookies” section, you have the option to perform various actions related to cookies: delete cookies, block cookies by default, automatically delete cookies and website data after closing the browser, and add exceptions for specific websites or domains.

Opera:

    1. In the main menu, select “Settings” or press “Alt” + “P.”

    1. In the “Privacy & Security” section, find the “Cookies” segment.

    1. Here you can choose how you want Opera to handle cookies: accept all cookies, reject all cookies, or set specific settings for individual websites.

Safari:

    1. In the menu, select “Safari,” then “Preferences.”

    1. Click on “Privacy.”

    1. In the “Block Cookies” section, you can choose how Safari should handle cookies.

    1. For more detailed information on cookie settings for individual websites, click on “Details.”

When adjusting cookie settings, we recommend always considering the purpose of cookies and your preferences to make your internet experience as enjoyable as possible.

Please be informed that if you decide to disable or limit the use of cookies on our website, you may not be able to take full advantage of all the functionalities the site offers. Cookies contribute to the fluidity and personalization of the user experience, so disabling them may affect the performance and quality of your browsing experience on our site.

If personal data is stored within these cookie files or through the information they store, the processing of that data is based on Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our goal is to continuously improve and optimize our website to provide you with the best possible user experience. According to the regulations mentioned, our desire to optimize the website can be considered a legitimate interest, given the importance of providing a high-quality user experience for our visitors.

3.4.3. Google Analytics

To provide personalized service and necessary content optimization of our website, based on Article 6(1)(f) of the General Data Protection Regulation (GDPR), we use Google Analytics—a sophisticated web analysis service provided by Google Inc. (“Google”).

Google Analytics operates using “cookies” or text files stored on your computer. These files are essential for analyzing how visitors use our website. During this process, pseudonymized user profiles are created using the aforementioned cookies.

The information generated by these cookies includes, but is not limited to:

    • The type and version of the web browser you use.

    • The operating system installed on your device.

    • The referrer URL, i.e., the website you visited before coming to our site.

    • The hostname of the computer from which you are accessing, i.e., the IP address of your device.

    • The exact time you sent a request to our server.

All this information helps us better understand user behavior, which further allows continuous improvement of the user experience and content on our site. We must emphasize that although we collect certain information, your privacy remains protected; we do not aim to identify visitors to our website based on this data.

In collaboration with Google Analytics, a tool from Google Inc., we strive to provide the highest possible quality service to users of our website through a deep analysis of their online activities. Google, as the provider of this service, uses the collected information based on the instructions of the operator of this website for the purpose of analyzing how visitors use our site. This analysis helps in compiling detailed reports on user activities, and all data is used to improve the functionality of the site and offer additional services related to users’ online activities.

It is important to emphasize that the IP address your computer provides within the Google Analytics service remains anonymous and is never combined with other data Google may have. If you wish to prevent cookie storage, you can achieve this by adjusting your web browser settings. However, please note that such an adjustment may limit access to some functionalities of our website.

For users who want an additional level of privacy, there is the option to download and install a browser add-on to disable Google Analytics. You can find and download this add-on at the following link: Google Opt-Out Add-on.

Alternatively, to the browser add-on, especially for users accessing our website via mobile devices, we offer the option to disable Google Analytics tracking by simply clicking a specific link. Clicking on this link sets an “Opt-Out-Cookie” that prevents further tracking of your activity during your visit to our site. It is important to note that this option is specific to each browser and device, and if you delete cookies from your browser, you will need to set the Opt-Out-Cookie again.

Additional information on how Google Analytics protects your data can be found on the official Google Analytics website.

For those who want to delve deeper into this functionality, as well as other aspects of privacy related to Google services, we recommend reviewing the official information on Google remarketing and Google’s privacy statement available at: Google Privacy Policy.

3.5. Ad Tracking

3.5.1. Google Conversion Tracking

As part of using the Google Ads service, we use a method called Conversion Tracking. When you click on an ad placed by Google, a cookie for Conversion Tracking is stored on your computer/device. This cookie expires after 30 days, does not contain personal data, and therefore does not serve to personally identify you. The information collected through the Conversion Cookie is used to create conversion statistics for AdWords clients who have opted for Conversion Tracking.

The legal basis for this data processing is Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation (GDPR). You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case, you may not be able to use all the features of this website to their full extent. You can deactivate Google ads that relate to your interests, as well as Google ads on the web that relate to your interests (within the Google Display Network), by activating the “Off” command at www.google.com/settings/ads or by deactivating it at www.aboutads.info/choices/. For more information about your settings and data protection at Google, please visit www.policies.google.com/privacy.

3.5.2. Meta Conversion Tracking

As part of our use of Meta advertising services, we apply a system known as Conversion Tracking. When you click on an ad placed through the Meta platform (Instagram, Facebook, Threads, WhatsApp), a cookie for Conversion Tracking is stored on your device. This cookie becomes inactive after 30 days, does not contain personal information, and therefore does not enable personal identification. The information collected through this cookie is used to create statistical reports on conversions for clients who use Meta Conversion Tracking.

The legal basis for this data processing is Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation (GDPR). If you wish to prevent the storage of cookies, you can do so by adjusting your browser settings. However, we would like to point out that in this case, you may not be able to use all the features of our website to their full extent. You can deactivate interest-based ads on the Meta platform through your account settings or by visiting specific pages for managing ad settings within the Meta ecosystem. Additional information on privacy settings and data protection on the Meta platform can be found on the official privacy policy pages.

3.5.3. Bing Conversion Tracking

As part of using Bing advertising services, we use a method known as Conversion Tracking. When you click on an ad placed through Bing, a cookie for Conversion Tracking is stored on your device. This cookie becomes inactive after 30 days, does not contain personal information, and therefore does not enable personal identification. The information collected through this cookie is used to create statistical reports on conversions for clients who use Bing Conversion Tracking.

The legal basis for this data processing is Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation (GDPR). If you do not wish to store cookies, you can do so by adjusting your browser settings. However, we would like to emphasize that in this case, you may not be able to use all the features of our website to their full extent. You can deactivate interest-based ads on the Bing platform through your account settings or by visiting specific pages for managing ad settings within the Bing ecosystem. Additional information on privacy settings and data protection on the Bing platform can be found on the official privacy policy pages.

3.5.4. TikTok Conversion Tracking

In the process of using TikTok advertising services, we apply a method known as Conversion Tracking. When you interact with an ad placed through TikTok, a cookie for Conversion Tracking is set on your device. This cookie remains active for 30 days, does not store personal information, and therefore does not allow direct identification. The data collected through this cookie is used to compile statistical reports on conversions for marketers who have opted for TikTok Conversion Tracking.

The legal basis for this data processing is Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation (GDPR). If you do not wish to store cookies, you can prevent this by adjusting your internet browser settings. However, we would like to point out that in this case, you may not be able to use all the functionalities of our website fully. You can disable personalized ads that TikTok prepares based on your interests through the settings within your TikTok profile or by visiting specific pages for managing ad settings within the TikTok platform. For additional information on privacy protection and settings on the TikTok platform, please consult the official TikTok privacy policy page.

3.5.5. Snapchat Conversion Tracking

In the process of using Snapchat advertising services, we apply a method known as Conversion Tracking. When you interact with an ad placed through Snapchat, a cookie for Conversion Tracking is set on your device. This cookie remains active for 30 days, does not store personal information, and therefore does not allow direct identification. The data collected through this cookie is used to compile statistical reports on conversions for marketers who have opted for Snapchat Conversion Tracking.

The legal basis for this data processing is Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation (GDPR). If you do not wish to store cookies, you can prevent this by adjusting your internet browser settings. However, we would like to point out that in this case, you may not be able to use all the functionalities of our website fully. You can disable personalized ads that Snapchat prepares based on your interests through the settings within your Snapchat profile or by visiting specific pages for managing ad settings within the Snapchat platform. For additional information on privacy protection and settings on the Snapchat platform, please consult the official Snapchat privacy policy page.

3.6. Remarketing

3.6.1. Google Ads Remarketing

Our website uses the Google Ads service.
Google Ads is an online advertising program by the company
Company Name: Google Inc.,
Location: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

One of the key features we implement within the Google Ads service is the so-called “remarketing” function. This specific function allows us to show personalized promotional ads to users who have visited our website when they browse other sites within the Google Display Network. For example, if a user has viewed certain products or services on our website, we can present them with targeted ads for those same products or similar products on other websites that are part of the Google Display Network.

This process is enabled through “cookies” technology, where Google stores a specific number in the user’s browser who visited our site. It’s important to emphasize that this number, known as a “cookie,” allows the identification of the browser on the user’s device, not the user themselves. In other words, no personal data of the user is stored through this process. The legal basis for this data processing is Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation (GDPR).

For users who want more control over their data and preferences, Google provides the option to deactivate the use of cookies related to remarketing. You can do this by visiting the following link and installing the provided plugin for your browser: www.google.com/settings/ads/plugin.

3.6.1.1 Doubleclick by Google

In our effort to provide you with an optimized user experience, we use a service called “Doubleclick by Google,” which is owned by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

Purpose and Operation: Doubleclick by Google uses cookies to display ads that are most relevant to you. For this service to function correctly, a specific pseudo-identification number (ID) is assigned to your internet browser. This number allows tracking of the ads that have appeared in your browser and those you have specifically viewed. It’s important to emphasize that cookies in this context do not store any of your personal information.

Connection to Other Sites: Thanks to DoubleClick cookies, Google and its partner websites can present ads based on your previous visits to our website or other places on the internet.

Storage of Information: The information obtained through these cookies is transmitted to Google’s server located in the United States, where it is stored. Google only transfers data to third parties if required by law or if the data is processed on its behalf. It is important to note that Google will never combine this information with other data it has collected.

Your Right to Choose: If you want to prevent the collection of data generated by cookies and the processing of that data by Google, you can do so by downloading and installing a browser plugin via the link provided in the DoubleClick deactivation extension section.

Legal Basis: The entire processing of your data is based on Article 6, Paragraph 1, Subsections (a) and (f) of the General Data Protection Regulation (GDPR). This complies with data protection regulations and ensures your legal security.

3.6.2. Meta Ads Remarketing

Our website utilizes the Meta Ads service, an online advertising program provided by: Company Name: Meta Platforms, Inc., Location: 1601 Willow Road, Menlo Park, CA 94025, USA (“Meta”).

As part of the Meta Ads service, we employ a feature known as “remarketing.” This functionality allows us to display tailored ads to users who have previously visited our website as they navigate other parts of the Meta network, including Facebook and Instagram. For instance, if a user has viewed specific products or services on our site, we can present targeted ads for those products or related items when the user continues their activities within the Meta network.

This feature is enabled through the use of “cookies,” where Meta stores a specific identifier in the user’s browser. It is important to note that this identifier, often referred to as a “cookie,” serves to identify the browser on the user’s device, not the user themselves. In other words, personal data about the user is not stored through this mechanism. The legal basis for such data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Users who wish to have more control over their data and advertising preferences can opt out of the use of cookies related to remarketing on the Meta platform. This can be done by visiting the privacy settings within their profile on the Meta platform and adjusting their preferences.

3.6.3. Bing Ads Remarketing

Our website uses the Bing Ads service, an online advertising program provided by: Company Name: Microsoft Corporation, Location: One Microsoft Way, Redmond, WA 98052, USA (“Microsoft”).

As part of the Bing Ads service, we utilize a feature known as “remarketing.” This functionality allows us to display tailored ads to users who have visited our website as they browse other sites within the Bing network and its partners. For instance, if a user has viewed specific products or services on our site, we can present targeted ads for those or similar products on other websites that are part of the Bing network.

This process is enabled through the use of “cookies,” where Microsoft stores a specific identifier in the browser of users who visited our site. It is important to emphasize that this identifier, known as a “cookie,” allows the identification of the browser on the user’s device, not the user as an individual. In other words, personal data about the user is not stored through this mechanism. The legal basis for such data processing is Article 6(1)(f) of the GDPR.

For users who wish to have more control over their data and advertising preferences, Microsoft provides the option to disable the use of cookies related to remarketing. This can be done by visiting the privacy settings within their Microsoft account and adjusting their preferences.

3.6.4. Targeted Advertising

As part of our online marketing efforts, we implement targeting measures, known as “Targeting.” These measures allow us to tailor our advertising activities to the specific interests of users, ensuring that the content we present to them is relevant and of high quality.

The legal basis for conducting these measures is Article 6(1)(f) of the GDPR. This regulation allows us to collect and process data to enhance the user experience on our website and in our online campaigns.

The goals of our “Targeting” measures are twofold:

    1. Relevance: We aim to ensure that the advertising displayed on your devices (computers, tablets, mobile phones, etc.) aligns with your actual or assumed interests. In this way, we strive to make the advertising content we present to you as relevant as possible and in line with your preferences.

    1. User Experience Quality: Our goal is to reduce the likelihood of burdening you with advertising that is not interesting or relevant to you. We believe that personalized advertising is key to creating a positive user experience and building a lasting relationship with our customers.

Through these measures, our primary aim is to improve your browsing and interaction experience with our digital content, ensuring that the advertising you see reflects your interests and needs.

3.6.4.1. Targeted Recording

On our website, we use “cookies” to collect and analyze information with the aim of optimizing the advertising content we present to you. This information includes data about the products you have viewed during your visit to our site or within our application.

This analytical activity is conducted under a pseudonym, meaning that the collected data is not directly linked to your personal identity. Specifically, the information we collect in this way is not combined in any way with your personal data, making it impossible to identify you directly based on this information.

The purpose of this process is to enable us to present you with offers that are precisely tailored to your interests. Based on the analysis of your previous user behavior, we strive to ensure that the advertising content we present to you is as relevant as possible and aligned with your preferences.

    1. Recording Information: Each time you visit our website or use our application, we record certain information related to your interaction with our content using technology known as “Cookies.” This includes, for example, the products you have viewed, the amount of time you spent on specific segments of the site, or the content that particularly intrigued you.

    1. Analytical Processing and Pseudonymization: It is important to note that all the information we collect is analyzed while retaining its anonymous form. In other words, although we can track your activities on our platform, we cannot directly identify you as an individual. This approach is known as pseudonymization, where your data is processed under a temporary or fictitious name, ensuring your privacy.

    1. Personalized Offers: Through careful analysis of your activities on our portal, we create offers tailored precisely to your interests. For example, if you have shown interest in certain product categories, in later interactions, you may notice advertising or recommendations specifically from that domain. This approach not only positions us as an adaptable service provider but also allows you to receive relevant and targeted information.

    1. Your Privacy is Our Responsibility: In every segment of our activity, your privacy is central. Therefore, we guarantee that the data collected using “Cookies” is never combined with data that would allow your direct identification. Our primary goal is to enhance your user experience without compromising your right to privacy.

3.6.4.2. Repeated Targeted Advertising

As part of our effort to provide you with the most personalized experience while browsing our online content, we use Re-Targeting technologies from reputable external service providers, including, but not limited to, companies such as Facebook Ireland Limited, TikTok Technology Limited, and Google Ireland Ltd.

    1. Re-Targeting – Customized Interaction: This sophisticated technique allows us to tailor our online offerings to your specific interests, making us more relevant and specific in our communication with you. Specifically, thanks to this approach, on the websites of our partner platforms, we can specifically target users who have already shown interest in our online store and the products we offer. Empirical research confirms that personalized marketing messages, which are closely related to the user’s interests, have a greater impact on users compared to generic promotional content.

    1. How Do We Achieve This?: By placing a certain cookie on your device, we collect data related to your interests, but in a pseudonymous form, thus ensuring your anonymity. Based on this information, on the websites of our partners, we can present you with promotional content that is directly aligned with your preferences. It is important to emphasize that we do not store your personal data or link it in any way to your user profile.

    1. Protecting Your Privacy: If you wish, you can disable the collection of this data for the purpose of personalized promotion. In that case, a cookie will be placed on your device that will permanently disable this type of data collection. Of course, if you later wish to remove it, you can do so manually via your browser or by using the “Delete all cookies” function. You have the right to object to this form of data collection at any time. Your privacy is our highest priority.

3.6.5. Advertising Partners/Third-Party Cookies

In our desire to enhance your browsing experience with our online content, we collaborate with selected advertising partners. Our goal is to enrich and personalize the content you encounter on our website so that we can offer you information that is directly aligned with your interests.

    1. Technological Processes: When visiting our website, in addition to our standard cookies, cookies from our advertising partners, often referred to as third-party cookies, are also placed. These cookies, set by our partners, track your user behavior to create a picture of your preferences and interests.

    1. Data Collection: Information regarding your user behavior while on our site is archived in our advertising partners’ cookies. Additionally, some of this information may relate to your user behavior before visiting our site, i.e., on other web locations. This method allows us to gain a holistic insight into your interests.

    1. Personalized Content: Based on the collected information, we are able to present you with promotional content from our partners that is closely related to your personal interests. In this way, we strive to ensure that your experience is personalized, relevant, and in line with your preferences.

    1. User Privacy: We would like to emphasize that despite this detailed tracking of your preferences, personal data is not stored. Therefore, while we collect information about your user behavior, it is pseudonymized, meaning that we cannot link it to you as an individual. In this way, while we strive to adapt to your interests, your privacy remains intact.

3.7 Social Media Functions

3.7.1. Basic elements

Based on the provisions of Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation, our website incorporates so-called “Social Plug-ins” from social networks Facebook and Twitter. The primary motivation for this integration is to increase our company’s visibility and presence in the online space. Given the importance and impact of such promotion, this interest can be considered legitimate and in full compliance with the mentioned General Regulation.

However, it must be emphasized that the primary responsibility for compliance with data protection standards lies with the providers of these services, i.e., social networks like Facebook and Twitter.

For a more comprehensive understanding of how these service providers collect, process, and use your data, as well as your rights in this regard and the options available to you to protect your privacy, we recommend consulting the relevant data protection statements available through the links we will provide.

It is important to note that if you want to ensure that your interactions on our website are not linked to your profiles on the mentioned social networks, we recommend logging out of these networks before visiting our website. Additionally, deleting cookies from your internet browser can further reduce the likelihood of data linking.

If you want to ensure that the information collected through our website is not linked to your social media profiles, besides logging out, there is the option to prevent the loading of certain plug-ins in your browser. This can be achieved with additional applications such as “NoScript,” available at noscript.net.

3.7.2. Social Networks

In accordance with the provisions of Article 6, Paragraph 1, Point (f) of the General Data Protection Regulation, we have implemented so-called Social Plug-ins on certain pages – plugins for social networks. This action has been taken to enhance the visibility and recognition of our company. The marketing and promotion behind this process can be justified as a legitimate interest under the mentioned General Data Protection Regulation.

It should be noted that the responsibility for compliance with data protection rules related to these plugins lies with the companies that provide and manage them.

For additional understanding of the purpose and scope of data collection, as well as how this data is further processed and used by the mentioned providers, and what rights users have in this regard and options for protecting privacy, we recommend consulting the data protection statements of the mentioned providers. For easier access, we provide links to these statements.

If you want to ensure that during your visit to our pages, social networks do not assign the information you collected to your user account on these networks, there is a simple procedure: before visiting our pages, log out of those social networks. Additionally, deleting cookies from your browser will further enhance this protection. If you want to prevent social networks from linking the information collected during your browsing directly to your online profile, you must log out of the relevant social platforms before visiting our website.

3.7.3. Pinterest

Our website contains plugins from the social network managed by Pinterest Inc., located at 635 High Street, Palo Alto, CA, 94301, USA (hereinafter “Pinterest”). The feature of this plugin can be recognized by the “Pin it” button found on our pages.

If you press the mentioned button while logged into your Pinterest account, you will be able to link content from our website to your Pinterest profile. Through this action, Pinterest connects your visit to our pages with your user account. We want to emphasize that we do not have insight into the details and content of the data sent to Pinterest or how Pinterest uses this data. For more information on how Pinterest protects your data, please consult the official privacy statement at: https://about.pinterest.com/en/privacy.

3.7.4. Twitter

Our website also integrates functionalities provided by the social network Twitter. These functions are provided by Twitter Inc., headquartered at 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter “Twitter”). By using Twitter and its “Re-Tweet” function, the websites you visit are automatically linked to your Twitter account and become visible to other users. In this process, certain data is transmitted to Twitter. During this process, your internet browser establishes a direct connection with Twitter’s servers and transmits information.

We want to inform you that as the website provider, we do not have knowledge of the content of the data transmitted or how Twitter uses this data. Additional information can be found in Twitter’s privacy statement at: https://twitter.com/privacy. If you want to adjust your data protection settings on Twitter, you can do so in your account settings at: https://twitter.com/account/settings.

3.7.5. Meta – Facebook Connect / Login

As part of its digital services, theatrum offers users the option to register for the service using their Facebook profile through a feature known as “Facebook-Connect.” This special functionality is a creation and product of the social network Facebook, founded and managed by Facebook Inc., located at 1601 S. California Ave, Palo Alto, CA 94304, United States.

It is noteworthy that users, when opting to use this option, do not need to register separately on the theatrum platform. During the registration process, users are redirected to Facebook’s official website. There, they log in using their usual login details. After a successful login, synchronization between their Facebook profile and the theatrum service occurs.

Through this linking process, theatrum automatically receives certain information from Facebook. Of course, this transfer of information is only possible if the user has previously consented to share it. This often includes information such as name, surname, email address, profile picture, gender, and possibly a list of friends. The primary reason for collecting this information is user identification within the theatrum system.

This data processing practice is based on Article 6, Paragraph 1, Point (a) of the General Data Protection Regulation, which provides the legal basis for the mentioned procedure.

If users want to learn more about the Facebook-Connect feature, as well as options for adjusting privacy settings, it is advisable to consult the relevant data protection statement available at: www.facebook.com/about/privacy.

3.7.5.1. Meta – WhatsApp

On our website, we have integrated a plugin that allows sharing content via WhatsApp, known as the “WhatsApp-Share-Button.” This plugin allows you to easily share content from the otto.de website through the WhatsApp application on your mobile device. This functionality is nothing more than a hyperlink or direct link. When you use this feature, some personal data may be transmitted to the WhatsApp operator or even third parties. Additionally, when using this plugin, the WhatsApp operator may learn what content was shared and that the user used this plugin on our website. For detailed information on how WhatsApp handles your personal data, we recommend consulting their privacy statement at the following link: https://www.whatsapp.com/legal/#Privacy.

3.7.5.2. Meta – Facebook Messenger

We also use the services of Facebook Messenger, which is operated by Facebook Ireland Inc. If you send us messages via Facebook Messenger, you should be aware that Facebook Messenger independently collects certain data about you. Information on the purpose and scope of data collection by Facebook Messenger, how your data will be further processed and used, as well as your rights regarding this data and options available to protect your privacy, can be found in the official privacy statement of Facebook Messenger. The privacy statement for Facebook Messenger can be reviewed at: https://www.facebook.com/policy.php.

3.7.8. LinkedIn

On our website, among other plugins, we use those that enable interaction with the social network LinkedIn. These plugins are products of LinkedIn Corporation, located at 2029 Stierlin Court, Mountain View, California 94043, USA. Additionally, we use plugins from Xing AG, located at Gänsemarkt 43, 20354 Hamburg. If you are concerned about your privacy and want to learn more about how these companies process your personal data, we recommend consulting their official data protection statements. The privacy statement for LinkedIn can be found at the following link: http://www.linkedin.com/legal/privacy-policy.

3.7.9. Snapchat

We have also integrated plugins from the social network Snapchat into our website. Snapchat is a popular social platform founded by Snap Inc., headquartered at 63 Market Street, Venice, CA 90291, USA. If you are curious or concerned about how Snapchat handles your user data, we recommend reviewing their official privacy statement. You can find it at this link: https://www.snap.com/en-US/privacy/privacy-policy/.

3.7. User Account

To ensure an optimal experience during your visit to our website, we offer you the opportunity to create a user account. This account allows you to store your personal data, which is protected by a password you set.

Creating a user account is entirely your decision. If you choose to do so, your data will be handled according to the rules established in Article 6, Paragraph 1, Point b) of the General Data Protection Regulation (GDPR). One of the benefits of having a user account is that it enables faster and easier orders, as you don’t need to re-enter all your information each time. Additionally, you can view and modify the stored data at any time.

If you wish to make a purchase through our website or application, creating a user account becomes necessary to facilitate the smooth processing of the transaction. To create a user account, you will need to provide basic information and choose a password. Your email address and password will serve as the basic access credentials for your user account. Please handle this information with care and do not share it with others.

Please note that if you do not log out, you will remain logged in automatically when returning to our site.

We store your personal data in our central database when you submit an inquiry, request a quote, or enter into an agreement such as an online order or open an online user profile on our webshop. Depending on the type of request or contract, the data collected includes:

    • Name and surname

    • Address (residential and/or delivery)

    • Tax Identification Number (TIN)

    • Email address

    • Phone/fax number

    • Goods/services

    • Bank details

    • IP address (see below: Other reasons for processing customer data on the webshop)

We process this data to fulfill or execute contracts with you and meet your other requests. Data is also processed based on our legitimate interests in improving business operations, as explained further below. Data is accessible only to those employees in our sales centers, webshop, and customer support who need it to perform their job, in order to provide you with the agreed services and support.

To enter into a contract, at a minimum, your name, surname, and address are required for identification purposes.

Contact details (e.g., email address) are collected to fulfill your requests (e.g., sending a quote upon your request, confirming a webshop order) and execute contracts (e.g., delivery address, contact phone number). Depending on the payment method, we also process bank details.

All the aforementioned data is collected as necessary, and without it, it is not possible to enter into and fulfill a contract or process your requests. The IP address is used solely to the extent necessary to protect the legitimate interests of the data controller or a third party, provided that these interests do not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data (e.g., for legal proceedings and criminal investigations).

Managing the Theatrum customer database is based on achieving the legitimate interests of Theatrum to improve operational efficiency and service quality, and it also facilitates compliance with data protection regulations concerning data accuracy and portability. We have considered your interests, as through data exchange and availability in our centers and departments, we provide:

    • Complaints and returns

    • Warranty replacements

    • Various payment methods

    • Reservation and pickup of goods

    • Reservation and pickup of goods from the webshop offer

Our customer support is available for all inquiries and complaints, as well as for information and advice.

Every user has the right to delete their account at any time. However, it should be noted that if you have previously placed an order, the stored data will not be immediately deleted due to legal obligations requiring us to retain it in accordance with commercial and tax regulations. This practice is based on Article 6, Paragraph 1, Points c) and f) of the General Data Protection Regulation.

3.8. Contact

In the modern age, communication offers us a multitude of ways to interact. We provide you with the opportunity to contact us through various channels—whether it’s via email, which allows for quick and efficient information exchange, or telephone communication, which provides the warmth of voice and direct interaction. Of course, traditional mail, despite its conventional nature, still carries the charm of the written word.

If you decide to contact us, you should know that all personal data you choose to share with us will be used solely to address you and appropriately respond to your questions or concerns. Your data will be treated with the utmost care and professionalism, and its processing will be in accordance with the highest standards of data protection.

When processing your data, we rely on legal frameworks prescribed to us. These frameworks are firmly based on Article 6, Paragraph 1, Points a), b), c), and f) of the General Data Protection Regulation. This legal basis ensures that your data is used transparently, responsibly, and in accordance with best practices.

3.9. Payments

We process your payment information for the purpose of conducting payments, for example, if you purchase a product and/or service through Theatrum.com. Depending on the type of payment, your payment information may be forwarded to a third party (e.g., your credit card provider if you pay by credit card). The legal basis for this data processing is Article 6, Paragraph 1, Point a), Article 6, Paragraph 1, Point b), and Article 6, Paragraph 1, Point f) of the General Data Protection Regulation.

Online Transactions via Credit or Debit Cards

In the digital world, where every moment is valuable, we offer you the possibility of simple and fast online payments. This payment method, although quick, does not compromise the security of your transactions.

One-Time Payment

Let your transaction be swift and seamless. By choosing this option, you can be assured that your transaction is protected by the strictest security standards of modern times.

Diverse Payment Methods

In our online payment assortment, you will find various methods, including renowned credit cards such as Visa and MasterCard. We also offer modern options like PayPal, Google Pay, and Apple Pay, allowing you to choose the one that suits you best.

Protection of Your Online Transactions

When you complete your order on our online store Theatrum.com, you will be directed to the pages of our trusted online payment partner, Stripe. You will be required to enter your banking details, but you can trust that your data is protected and secure.

Online Payment Process

After confirming your desire to pay on the Stripe platform, the transaction process occurs almost instantly. However, your account and official transaction confirmation will be delivered only after your order passes through all our checks and is ready for shipment. At this point, the sales contract between us and you is considered officially concluded.

3.8.1. Payment on Delivery

In the modern e-commerce environment, we offer various payment options to meet the needs of all our customers. One of the payment methods we provide is payment on delivery. Below you will find key information about this payment method to give you a clear picture of how we handle your data and how the payment process works.

Transfer of Information: If you choose payment on delivery as your preferred method, your delivery and payment information will be forwarded to our trusted delivery partner. This process is necessary to ensure a smooth transfer and for the delivery person to be informed of the details of your order and the amount to be paid upon delivery.

Moment of Payment: Payment is made in one go, directly upon receipt of the ordered products. Please note that upon receipt, you will pay the total amount of the order, including the price of the products and all applicable delivery costs.

Order Value Limitations: Considering the security and operational aspects of this payment method, we have set a maximum limit for orders that can be paid on delivery. Specifically, if you choose payment on delivery, the total value of your order must not exceed €500.

4. Your Rights Related to Data Processing

4.1. Information on User Rights Related to Personal Data Processing

In the world of digital communication and pervasive internet use, protecting user personal data has become of utmost importance. Below is a detailed overview of your rights as a user regarding the processing of your personal data:

    • Right to Withdraw Consent: Every user has the right to withdraw previously given consent for the processing of personal data, provided there are legal grounds for such an action.

    • Right to Information: According to Article 15 of the General Data Protection Regulation (GDPR), every individual has the right to request information about their personal data held by us. You may request insight into the purposes of processing, categories of data, recipients to whom the data has been or will be disclosed, the anticipated retention period, and the source of the data if it was not collected directly from you.

    • Right to Rectification: In accordance with Article 16 of the GDPR, every user has the right to correct inaccurate data concerning them or to complete incomplete data that is already correct.

    • Right to Erasure: Under Article 17, users have the right to request the deletion of their personal data held by us, unless there is a legal obligation or right requiring us to keep it.

    • Right to Restriction of Processing: If you dispute the accuracy of the data or believe that its processing is unlawful, or if we are obliged to retain the data for legal purposes but no longer need it, you have the right to request a restriction on the processing of this data under Article 18.

    • Right to Data Portability: According to Article 20, users have the right to receive the data they have provided in a machine-readable format or to request its transfer to another data controller.

    • Right to Lodge a Complaint: In case of any disputes or dissatisfaction with the processing of your data, you have the right to file a complaint with the competent supervisory authority, which is usually located at your habitual residence or place of work, or at the location of our company’s headquarters.

These rights are established to ensure transparency and trust between users and the company. If you have any additional questions or requests regarding your personal data, please feel free to contact us at dpo@theatrumbarandfood.com

4.2. Right to Object under the General Data Protection Regulation

Given the importance of protecting your personal data, we wish to inform you about your right to object under the provisions of the General Data Protection Regulation.

    • Specificity of Objection under Article 21, Paragraph 2: According to this provision, every individual has the right to object to the processing of their personal data if there are specific situations or circumstances that pertain to them. In other words, if you feel that the processing of your data could negatively affect your specific situation, you have the right to express your disagreement with such processing.

    • General Right to Object: This broad right allows every individual to object to the processing of their personal data based on the provisions of Article 6(1)(f) of the GDPR. It is important to note that, unlike the specific right to object which is focused solely on marketing purposes, the general objection covers broader aspects of data processing.

    • Responsibility Regarding General Objection: According to GDPR regulations, we are required to address your general objection only if you present particularly significant reasons for such an objection. For example, if you believe that the processing of your data poses a direct threat to your life or health.

We emphasize that your privacy and the protection of your personal data are our primary responsibilities. Therefore, please contact us with any questions or objections related to the processing of your data so that we can find the best solution together.

4.3. Right to Withdraw Consent for the Processing of Personal Data

To provide complete transparency regarding your rights as a user, we want to inform you in detail about your right to withdraw consent given in the context of the processing of your personal data.

    • Basis for Processing Based on Consent: Your personal data is processed based on your explicit consent. This means that before starting the processing, we asked for your permission to use your data for specific purposes, which were clearly presented to you.

    • Unrestricted Right to Withdraw: You have the right to withdraw your consent at any time. This is your fundamental right that you can exercise without any limitations or conditions. If you choose to withdraw your consent, you can do so without any consequences for you.

    • Consequences of Withdrawing Consent: It is important to understand that withdrawing consent does not affect the legality of data processing that occurred before the moment of withdrawal. In other words, all processing actions that took place before your withdrawal remain lawful and in accordance with your initial consent.

We want to emphasize that your privacy is of utmost importance to us. If you have any questions or concerns regarding your rights or the way we process your personal data, please let us know.