0

Privacy Policy

Home
/
Privacy Policy

Last updated: 2 December 2025

1. Who we are

This Privacy Policy explains how we collect and use your personal data when you visit our website sheepstudio.eu or purchase from the Sheep Studio webshop.

  • Controller: SHEEP STUDIO, obrt za proizvodnju, trgovinu i usluge, trading as Sheep Studio
  • Registered address: Raduča 7, 22202, Primošten, Hrvatska
  • Email: [email protected]

We are the “data controller” for the purposes of the EU General Data Protection Regulation (GDPR).

2. Personal data we collect

We collect and process the following categories of personal data:

a) Data you provide to us

  • Order and account data: Name, billing and shipping address, email address, phone number, order details, payment method (not full card details), account login details (if you create an account).
  • Communication data: Emails you send us, messages via contact forms, social media messages.
  • Newsletter / marketing: Email address and any preferences, if you sign up for our newsletter or marketing emails.

b) Data collected automatically (cookies & similar)

When you visit our Site, we may automatically collect:

  • IP address
  • browser type and version
  • device type
  • pages you view, time and date of visit
  • referring website

This is typically collected via cookies and similar technologies. See “Cookies” below.

3. What we use your data for and legal bases

We process your personal data for the following purposes:

a) To process and deliver your orders

Legal basis: Article 6(1)(b) GDPR – performance of a contract

We use your data to:

  • process payments
  • manufacture and prepare your order
  • ship your order and provide tracking
  • contact you about your order (e.g. confirmation, delays, issues)

b) To provide customer support

Legal basis: Article 6(1)(b) and/or (f) GDPR – contract and legitimate interest

We use your contact details and communication data to:

  • respond to your enquiries
  • handle returns, complaints or warranty issues

c) To manage your account (if you create one)

Legal basis: Article 6(1)(b) GDPR – performance of a contract

We store and manage your login data, order history and preferences.

d) Legal obligations

Legal basis: Article 6(1)(c) GDPR – compliance with legal obligations

We may process and store your data where required by law, for example for:

  • accounting and tax records
  • consumer protection and warranty obligations

e) To improve the Site and prevent abuse

Legal basis: Article 6(1)(f) GDPR – legitimate interest

We may use aggregated, anonymised or pseudonymised data to:

  • monitor Site performance and usability
  • prevent spam, fraud and other misuse

f) Marketing (optional / only with consent)

If you voluntarily sign up for a newsletter or marketing emails:

  • Legal basis: Article 6(1)(a) GDPR – consent
  • You can withdraw your consent at any time by clicking “unsubscribe” in the email or contacting us at [email protected].

We will not send you marketing emails without your consent.

4. Cookies

Our Site uses cookies and similar technologies.

What are cookies?

Cookies are small text files stored on your device when you visit a website. They can be necessary for the Site to function or used for analytics or marketing.

Types of cookies we may use

  • Strictly necessary cookies: Needed for the website and webshop to function (e.g. keeping items in your cart, remembering your language preferences, securing login). These do not require consent.
  • Analytics / performance cookies: Help us understand how visitors use the Site (e.g. Google Analytics or similar). These cookies may require your consent, depending on your configuration.

We will not use marketing or analytics cookies that require consent without implementing a cookie banner or other appropriate consent mechanism.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Site, especially the cart and checkout.

5. Sharing your data

We do not sell your personal data.

We may share your data with the following categories of recipients, only as necessary:

  • Payment service providers (e.g. Stripe, PayPal, your bank) – to process your payments securely.
  • Shipping and logistics providers – to deliver your order.
  • Website hosting and IT service providers – to run and maintain the Site and email.
  • Professional advisors – such as accountants, auditors or legal advisors, where necessary.
  • Authorities – where required by law or in the context of legal proceedings.

All service providers that process personal data on our behalf are required to follow our instructions and comply with applicable data protection laws.

6. International data transfers

Some of our service providers may be located outside the European Economic Area (EEA), for example providers of payment processing, email or cloud hosting.

Where personal data is transferred outside the EEA, we will ensure that:

  • the recipient country has an adequacy decision from the European Commission, or
  • appropriate safeguards are in place, such as standard contractual clauses (SCCs).

You can contact us for more information about specific transfers.

7. Data retention

We keep your personal data only as long as necessary for the purposes described in this Policy, in particular:

  • Order and invoice data: kept for the period required by tax and accounting laws (often at least 5–10 years).
  • Customer service communication: kept as long as needed to handle your request and for a reasonable period afterward.
  • Account data: kept as long as your account is active. You can request deletion at any time.
  • Newsletter data: kept until you unsubscribe or withdraw consent.

When data is no longer needed, it will be deleted or anonymised.

8. Your rights under GDPR

You have the following rights regarding your personal data, subject to certain conditions:

  • Right of access: to know whether we process your data and to obtain a copy.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”): to request deletion of your data in certain circumstances.
  • Right to restriction of processing: to restrict how we use your data in certain cases.
  • Right to data portability: to receive your data in a structured, commonly used format and transmit it to another controller where technically feasible.
  • Right to object:
    • to processing based on legitimate interests,
    • and at any time to processing for direct marketing.

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email]. We may need to verify your identity.

9. Complaints

If you believe your data protection rights have been violated, you can contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with your local supervisory authority. In Croatia, this is:

Agencija za zaštitu osobnih podataka (AZOP) – the Croatian Personal Data Protection Agency.

10. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration.

However, no system is completely secure, and we cannot guarantee absolute security of your data.

11. Links to other websites

Our Site may contain links to third-party websites (e.g. Instagram, payment providers). We are not responsible for the privacy practices of those websites. We recommend you read their privacy policies separately.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our Site and the “Last updated” date at the top will show when it was last changed.

If we make significant changes, we will try to inform you by email or via a notice on the Site.

Start typing and press Enter to search

View more
Shopping Cart

No products in the cart.