Last updated: 2026-05-01
URBAN DIZAJN 2021 j.d.o.o., Ulica 141. brigade hrvatske vojske 1A, 21000 Split, Croatia, OIB (tax ID): 33084023327, MB: 05362695, registered with the Commercial Court in Split, represented by board member Sanja Kumrić Beščec (hereinafter: "we", "us", "Urban Design") is the controller of your personal data within the meaning of the General Data Protection Regulation (Regulation EU 2016/679, GDPR). Pursuant to Article 37 GDPR we are not required to appoint a Data Protection Officer (DPO) as our core activities do not involve processing of special categories of data nor regular and systematic monitoring of data subjects on a large scale. For any privacy questions you can contact us at orderurbandesign@gmail.com or by post at the address above.
We use your data exclusively for the following purposes: (1) processing orders, issuing invoices and delivering products; (2) responding to inquiries received via the contact form; (3) sending newsletters when you have given explicit consent; (4) fulfilling legal obligations (accounting, tax and consumer-protection); (5) maintaining site security and preventing abuse.
We process your data on the following legal bases (Art. 6 GDPR): (a) performance of a contract — order processing, delivery and purchase-related contact (Art. 6(1)(b)); (b) legal obligation — retention of accounting and tax records and handling of consumer complaints (Art. 6(1)(c)); (c) consent — sending newsletters, which you may withdraw at any time without giving reasons (Art. 6(1)(a) and Art. 7(3)); (d) legitimate interest — answering inquiries unrelated to a specific order, and protecting the site against abuse (Art. 6(1)(f)). Our legitimate interest is providing quality customer support and ensuring the webshop functions properly; this interest does not override your fundamental rights and freedoms.
We share your data only with service providers (data processors) necessary for webshop operation: Stripe, Inc. (payment processing), Supabase, Inc. (database hosting), Resend, Inc. (transactional emails), Cloudflare, Inc. (media file storage and CDN), Vercel, Inc. (website hosting). All listed processors handle data on our behalf under data processing agreements (DPA) and in accordance with their own privacy policies. We may also disclose data to public authorities when required by law.
Some of our service providers (Stripe, Supabase, Resend, Cloudflare, Vercel) are based in the United States. Data transfers are based on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an adequate level of protection for your data in line with Art. 44–49 GDPR.
Order data and related accounting records are retained for 11 years from the end of the business year, in accordance with Art. 10 of the Croatian General Tax Act and Art. 30 of the Accounting Act. Contact messages are kept for up to 2 years from the last communication. Newsletter subscriptions are kept until you unsubscribe (every email contains an unsubscribe link). Server logs are kept for up to 90 days. After these periods data is deleted or anonymized.
Under Art. 15–22 GDPR you have the following rights: (a) right of access to your data; (b) right to rectification of inaccurate or incomplete data; (c) right to erasure ("right to be forgotten"); (d) right to restriction of processing; (e) right to data portability; (f) right to object to processing based on legitimate interest; (g) right to withdraw consent at any time — withdrawal does not affect the lawfulness of processing prior to withdrawal. To exercise any of these rights contact us at orderurbandesign@gmail.com or by post at our registered address. We will respond to your request within one month at the latest.
We do not perform automated decision-making that produces legal effects on you or similarly significantly affects you, nor do we carry out profiling within the meaning of Art. 22 GDPR.
We implement appropriate technical and organisational measures to protect personal data in accordance with Art. 32 GDPR, including: TLS/HTTPS encryption of all traffic, cryptographic hashing of administrator passwords (bcrypt), need-to-know access controls, regular system updates, request rate limiting, and audit logging of administrative sign-ins. Payments are processed exclusively through the PCI-DSS certified Stripe system.
Our website is not intended for persons under the age of 16 and we do not knowingly collect data from children. If you are a parent or guardian and believe that your child has provided us with personal data, contact us and we will delete the data without delay.
If you believe that the processing of your personal data does not comply with the GDPR or other regulations, you have the right to lodge a complaint with the supervisory authority — the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, Croatia, tel. +385 (0)1 4609-000, www.azop.hr.
We use only essential cookies and browser storage (localStorage) required for basic website operation and secure payment processing. Essential technologies do not require your consent. We do not use tracking, analytics or advertising cookies. List of cookies and local storage entries we use: • ud-cart (Urban Design, localStorage) — stores cart contents; duration: until cleared by user; purpose: cart functionality. • cookie-consent (Urban Design, localStorage) — remembers your decision on the cookie notice so we don't show it to you again; duration: until cleared by user. • __stripe_mid, __stripe_sid (Stripe, cookies) — payment fraud prevention; duration: 1 year / 30 minutes; purpose: payment security. • admin-session (Urban Design, cookie) — administrator authentication; duration: 24 hours; only on the admin section. You can clear cookies and local storage at any time via your browser settings. Note that this may affect basic site features (e.g. the cart).
Payments are processed by Stripe Payments Europe Ltd / Stripe, Inc. — a company certified to PCI-DSS Level 1. Your card data is transmitted directly to Stripe over TLS encryption; we never see or store it. Stripe processes data in accordance with its privacy policy at stripe.com/privacy.
We reserve the right to modify this policy to reflect changes in law or in our practices. All material changes will be published on this page together with the update date. We recommend reviewing the content periodically.
For any privacy and data protection questions please contact us: email: orderurbandesign@gmail.com, phone: +385 92 306 9642, post: URBAN DIZAJN 2021 j.d.o.o., Ulica 141. brigade hrvatske vojske 1A, 21000 Split, Croatia.