Personal data protection

General provisions

We treat our clients' data responsibly and process and protect them according to standards established by the Regulation (EU) 2016/679 of the European Parliament and Council on 27th April 2016 on protecting the individuals regarding the processing of personal data and free movement of such data as well as putting out of effect the Directive 95/46/EC (General Data Protection Regulation - GDPR).

We process the clients' personal data acquired via web shop exclusively for the purpose of concluding and executing mutual contracts i.e. services. By using appropriate technical and organizational measures we protect customers' personal data and keep them according to valid laws in the Republic of Croatia.

When deadlines determined by law expire, we delete the personal data of our customers or anonymize them due to statistic purposes.

Via our web page – we collect only those personal data which are necessary for concluding and executing mutual contracts i.e. our obligations.


Personal data processing for marketing purposes

Personal data processing for marketing purposes is based on your free-will and informed consent which you can withdraw at any time during which the withdrawal of the consent does not influence the legitimate purpose of processing prior to its withdrawal.

When we send marketing messages to you, you will always have the possibility of updating your personal data as well as changing the way of usage or deleting personal data we use for marketing purposes.


Principles of personal data protection

We deal with all personal data confidentially taking care of appropriate level of security and protection. We do not collect, process or in any other unauthorized way use personal data.

Prior to introducing new technologies which can be used for personal data protection we in a detailed way analyze and adjust technical and organizational measures in order to secure applying of highest standards for personal data protection.

During personal data processing we take care of the duty of keeping professional secrets in a way regulated by the laws of the European Union i.e. the Republic of Croatia.  All users' data are kept strictly confidential and are available only to employees who need those data for performance of work. All our employees and business partners without exception and responsibly respect these principles of protecting your privacy.

Your data will never be disclosed to third parties without your explicit request and clearly given, unambiguous and precisely defined consent or when it is needed for performing a contracted service.

Exceptionally, we can disclose your personal data to authorized international, state or public authorities if it is necessary for the fulfillment of legal obligations, for protection of your life interests or life interests of other natural persons. In the same way, if the court or any other authorized state authority issues such request for the purposes of court proceedings (not regarding the phase of the procedure) or some other corresponding procedure of authorized bodies, we can disclose your personal data within the scope and limits of such warrant.


Payment with a credit card

Entering and transfer of personal data and data on the number of your credit card is protected by highest security standards secured by WSPay system for online authorization of credit cards which is in accordance with the requirements of card issuers and card brands as well as PCI DSS standards, protected by SSL protocol with 256-byte encryption secured by WSpay™ system for online authorization of credit cards. Authorization and charging of credit cards are performed by using WSPay for authorization and charging of cards in real time.

We do not register your credit card's number neither save it for any transaction data. uses the services of third parties i.e. authorized banking institution for charging via credit cards, which by encryption protects your data.


Data processing

Web page collects and registers information on IP address (Internet Protocol Address) of the user or computer location for the purposes of system administration, eliminating defects, confirmation for taking over the content or improving technical aspects of Internet service. Further, data on using the web page, such as records files on the number of users of specific sites and/or contents.

Such data do not present personal data, and cannot be neither directly nor indirectly connected with a specific individual and we use them exclusively for the purpose of improving our services and adjusting and making our web page personalized according to wishes and needs of a specific user.

Farm Jola rural craft respects the privacy of the users of web shop in a way that all collected data are processed exclusively for the purpose and intention they were given for all in accordance with the General provisions and principles of data confidentiality.

Farm Jola rural craft collects, processes and publishes the data on the way and type of usage of web page by not being connected nor disclosing the identity of the user i.e. its personal data.

In order to secure the accurate and updated personal data, they will be kept i.e. saved in as few places as possible (i.e. only in places where it is necessary), and we will enable the data subject whose personal data are being processed to update its personal data in a simple and adequate way by using examples of good practice.

If during processing, i.e. usage of personal data it is determined that specific personal data are inaccurate or not updated and it is not possible to update them or it would result in disproportionate efforts or costs, such data will be deleted.


Realization of data subjects' rights

Realization of data subjects' rights is of specific importance to us and therefore we approach each request for rights' realization with maximum seriousness being led by the requirements of the General Data Protection Regulation.

The data subject has the right to receive the confirmation on whether his/her personal data are being processed or not. If his/her personal data are being processed, the data subject can require access to its personal data noting the purpose of processing, the category of personal data which are in question and possible recipients to whom personal data have been disclosed (or will be disclosed on the basis of valid legal grounds).

The data subject has the right to ask for the correction or deletion of its personal data i.e. limitation of personal data processing as well as transfer of data.

Realization of data subjects' rights cannot influence his/her right to contact the Agency for protection of personal data i.e. some other supervisory body.

The request for realization of rights is submitted via e-mail address:

We will respond to such request for realization of rights in shortest possible time which cannot be longer than 30 days. During that we take adequate steps in order to indisputably determine the identity of the request submitter prior to providing any information regarding personal data.

We take safety very seriously, especially when there is a possibility of unauthorized disclosure of personal data.

Apart from that, you can request the deleting of your personal data without unnecessary postponing if: personal data are no longer needed regarding the purposes for which they had been collected or they have to be deleted with respect to regulations of the European Union or the Republic of Croatia.


Final provisions

In case of breach of personal data and especially unauthorized breaking in into IT system, we shall inform the Agency for protection of personal data of such breach within 72 hours from revealing it.

If the breach of personal data can cause high risks for the rights and freedom of individual, we shall without postponement inform those data subjects whose personal data have been breached.

If you are of opinion that we do not treat your personal data in an acceptable way or you have an impression that it violates the General Data Protection Regulation and national legislative, it is your right to contact the Agency for protection of personal data.