Privacy Policy

Privacy Policy

This Privacy Policy (“Policy”) explains how AROMA GLOBAL 3 d.o.o., Ulica Velimira Škorpika 11, 10000 Zagreb, as the Controller (hereinafter referred to as the “Controller”) collects, uses and manages your personal data collected on

The Controller as a service provider of the website is committed to protecting and respecting your privacy. Please read this Policy carefully to understand why and how we collect your personal data and how it will be used.

If you wish to contact us about this Policy or about your personal data, please use the following contact details:

Address: Ulica Velimira Škorpika, 11 10000 Zagreb


How and when do we collect your personal data?

We collect your personal data when necessary to meet your consumer needs or for the purposes of conducting our business:

- the moment you access, we will collect your IP address, which is also considered personal data;

- when registering as a user or recipient of newsletters or other notifications about our products. As the Controller, we will ask you to enter information about yourself (personal data) such as your email address. The legal basis for the processing of your data is consent. Thus, the user who signs up to receive product notifications by entering his/her data on gives consent to the processing of his/her personal data. This consent can be withdrawn by the user at any time;

- situations where we collect other types of data such as date and time of site access, information about the hardware, software or internet browser you use, as well as your computer's operating system, application version and your language settings. We may collect information about the clicking behaviour and access to displayed to you;

- when you contact customer service or our sales department and ask for help or a question in order to exercise one of your rights guaranteed by applicable regulations;

- when you contact us via social media, we collect the information that you have made available to us when making inquiries or requests;

- when you make any inquiry related to our offer, or if you want to send an open job application request, etc.

We collect certain categories of your personal data listed above either on the basis of the consent shown to you upon arrival at via a pop-up window, or on the basis of a legitimate interest. The latter, for example, in the case of cookies that are necessary for the functioning of or when we are already sending you some interesting notifications and/or offers as our customer.

The consent is renewed via a pop-up window within 12 months of your last acceptance or rejection of certain cookies.

In the event that we have to fulfil our obligations arising from the applicable regulations of the Republic of Croatia, we will not process the data on the basis of the two aforementioned legal grounds.

What data and for what purpose do we collect directly from you?

Typical categories of information that we collect from you as a user are: name, e-mail address, phone number, or other information that you provide to us when you communicate with us by phone or e-mail.

We collect your personal data in order to:

- allow you to use of all services on the website;

- respond to and process your requests as efficiently as possible;

- statistical data processing;

- send notifications and contact you;

- improve the quality of content.

What are your rights?

- The right to access your personal data:

You have the right to ask us to confirm whether we process your personal data, as well as to access your personal data that we process.

- Right to correct inaccurate personal data:

You have the right to request the correction of your inaccurate personal data, as well as the right to modify your personal data.

- Portability of personal data:

You have the right to download and request the transfer of your personal data.

- Right to erasure (right to be forgotten): 

You may request that the Controller erase your personal data if one of the reasons listed in Article 17 of the General Data Protection Regulation is met. We hereby inform you that we cannot delete your personal data if their processing is necessary, for example to comply with a legal obligation to store data or for reasons of public interest to establish, exercise or defend legal claims.

- Right to object to the processing or treatment of your personal data:

You have the right to object to the processing of your personal data as well as to our way of handling your personal data in general.

- Right to withdraw consent:    

You have the right to withdraw your consent to further processing of personal data at any time. The withdrawal of consent does not affect the processing based on consent before its withdrawal.

- Right to complain to the Personal Data Protection Agency: 

You have the right to complain at any time before the competent authority for the protection of personal data – the Personal Data Protection Agency (, regarding the processing and protection of your personal data.

You can exercise your rights by sending your request to the e-mail address with “Data Subject Request” as the subject of the message or to the address Vjekoslav Spinčića 3/2 Opatija. Upon receipt of the message, we will send you a confirmation of the proper receipt of your request.

Your rights are exercised free of charge. However, if you frequently (for example, if less than 6 months have elapsed since your last request) or excessively (for example, if you request all your personal data in writing) request access to or transfer of your personal data, we have the right to ask you to cover our costs before carrying out such an action.

Where are your personal data stored?

We store your personal data in a secure environment. Your personal data are protected from unauthorised use, access, disclosure, copying, modification or destruction by any individual or organisation. We store data in paper and digital form. The processed data are stored in the premises of the Controller and are continuously monitored. 

How long will we keep your personal data?

The Controller will not retain your personal data for longer than the period for which the data is necessary to fulfil the purpose of their use. If you are interested in details and retention periods, you can contact the Data Protection Officer at

For example, we will store your cookie selections for a maximum of 1 year after which you will be shown the pop-up again at the time of your visit to Of course, you have the right to change your mind and regulate your consent at any time.

What will we use your data for?

As stated before, we may use your personal data in several different ways, including to improve your shopping experience, for direct marketing, or for security reasons.

Does Aroma Global 3 d.o.o. as the Controller exchange data with third parties?

Your privacy is very important to us, so we will never share your personal data with third parties except for the purposes described in this Privacy Policy. We will always keep you informed about the sharing and transferring of your personal data.

The Controller works together with other companies (such as web developers). This means that we sometimes share your personal data with our trusted partners, using secure IT systems. When we do so, the data is transferred to servers located in the EU or in a country that provides an adequate level of protection in accordance with EU legislation.

Right to object to processing for direct marketing purposes

In certain cases, we process your personal data for direct marketing purposes. If you do not consent to this processing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing, which includes the creation of profiles to the extent related to such direct marketing. If you object to direct marketing processing, we will no longer process your personal data for these purposes. You can send your objections to the following contact address:

Information on the processing of personal data related to the implementation of activities on the official profiles of AROMA GLOBAL 3 d.o.o. on social networks (Facebook, Instagram, TikTok)

The Company manages the following social media sites:

The Company processes personal data on social media sites to inform customers about offers, products, and/or other topics and news, and to communicate with social media visitors about these topics, as well as to respond to relevant inquiries about praise, criticism and other queries.

In cases where we can influence and determine the conditions of personal data processing, we strive, within the possibilities provided by the social network operator, to ensure that the processing of personal data is carried out in accordance with the relevant legal regulations. Therefore, in cases where the social networking platform provider has enabled us to do so, we ensure that our social networking sites respect the protection of personal data. 

The information you have added to our social media sites such as comments, videos, pictures, likes, etc. is published through the social media platform, and will never be processed or used for any other purpose. However, we reserve the right to deletion if a particular post or comment violates the rules of permitted content, e.g. it contributes to a violation of the law, contains hate messages, vulgar comments (e.g. with sexual content), or attachments (e.g. images or videos) that violate copyright, intellectual property rights, the Company's ethical principles, and/or the Company's morals. 

We do not manage or store all social media functionality, so, for example, any posts you post on our social network page will remain on the timeline indefinitely until you remove them, or if they are removed due to profile updates or violations of allowed content policies.

We have no influence over the deletion of your data by the social network operator itself.


The Company also uses advertising services through social networks. The Company has the ability to determine the parameters on the basis of which a specific ad will be displayed to a specific target group. In doing so, as with the use of analytics, the Company does not have access to the personal data that is processed, but is solely the operator of the social network platform.

Accordingly, when advertising, we choose to whom the ad will be shown based on demographic, interest and other parameters that allow us to choose exactly the group of people we need.

Other processing through social networks

In addition, the Company performs the following personal data processing:

Name and purpose of the personal data processing activity

Legal basis of data processing

Scope and source of personal data

Duration of processing

Categories of data recipients

Processing activity entrusted to the Processor

Publication of photos and video material for marketing purposes.

The Company may publish photos and video materials with you as the subject on its social media profiles in order to inform customers about certain activities and products. 

a) Article 6 (1) (f) GDPR – processing is necessary for the legitimate interest of the Company. 

The legitimate interest of the Company is the promotion of the Company's marketing activities on the Company's social media profiles.

The Data Subject has the right to object to processing based on a legitimate interest at any time.

b) Article 6 (1) (a) GDPR – the Data Subject has given consent to the processing of their personal data for one or more specific purposes.

Photos and videos from various events, promotional and sponsorship activities.

In relation to processing based on the consent of the Data Subject, the Company also processes data on the information related to the granting of consent.

Data source: Data Subject.

Photos and video materials posted on the Company's social network profile will in principle be kept permanently.

Social media users.

Provision of social networking services.

Provision of event photography services organised by the Company.

Name and purpose of the personal data processing activity

Legal basis of data processing

Scope and source of personal data

Duration of processing

Categories of data recipients

Processing activity entrusted to the Processor

For the purpose of exercising or defending legal claims either in court proceedings or in administrative or non-contentious proceedings.

Article 6 (1) (f) GDPR (processing is necessary for the legitimate interest of the Company).

Legitimate interest of the Company: setting requirements in relation to the Data Subject and successful defence in any litigation initiated by the Data Subject, i.e. in administrative and other similar proceedings.

All personal data collected for the above data processing purposes.

In the event that the processing of personal data is necessary for establishing, i.e. for the defence or for the exercise of the legitimate interest of the Company in legal proceedings or in administrative or extrajudicial proceedings initiated by the Data Subject on the basis of their own legitimate interest, the Company shall process the data until the final completion of such proceedings or the achievement of a legitimate interest otherwise (e.g. by concluding an extrajudicial settlement).


In order to maintain the website and ensure its functionality, the Controller uses a technology generally known as “cookies”.

A cookie is a small text file which is saved on the computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don't have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies can be temporary or persistent. Thanks to the cookies on our site, you can search easily, and you will be shown results that are relevant to you.

We use the following cookies:

1) temporary user input cookies (session-id) or persistent cookies limited to a few hours in some cases;

2) third-party cookies for sharing social network plugins for subscribed social network members, and

3) analytical cookies.

You can access cookies stored on your computer when you visit our website. 

We only process cookies with your consent. You can accept, partially accept or refuse the use of cookies, just check the settings in your browser. However, please note that some of the features of our website may not work without cookies. By requesting consent, we will present the purpose for which we will process this type of information and inform you of your rights.

You can find more information about cookies in the Cookie Policy. You can also use the pop-up to regulate your choice of cookies at any time.

Entry into force and changes to the Privacy Policy

This Policy takes effect on the day of its publication on

This Privacy Policy may be amended by the Controller at any time by posting the amended text on

Changes to this Privacy Policy will take effect immediately upon posting on

The Policy was revised in August 2022.