Cookie and Privacy Policy

Cookie Notice

In this guideline, we use the term “cookies” to refer to cookies and other similar technologies covered by the EU Directive on privacy in electronic communications.

What is a cookie?

Cookies are small text files, created by the website visited, that contain data. They are stored on the visitor’s computer to give the user access to various functions.

Both session cookies and non-session cookies are used on our sites.

A session cookie is temporarily stored in the computer memory while the visitor is browsing the website. This cookie is erased when the user closes their web browser or after a certain time has passed (meaning that the session expires).

A non-session cookie remains on the visitor’s computer until it is deleted.

Why do we use cookies?

We use cookies to learn more about the way visitors interact with our content and help us to improve the experience when visiting our website.

Site functionality and content

The share function is used by visitors to recommend our sites and content on social networks such as Facebook. Cookies store information on how visitors use the share function – although not at an individual level – so that the website can be improved. If you do not accept cookies, no information is stored.

For some of the functions within our websites, we use third-party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third party websites for information regarding their use of cookies.

Web analytics

This website uses Google Analytics which use cookies. At the aggregate level, cookies store information on how visitors use the website, including the number of pages displayed, where the visitor comes from, and the number of visits, to improve the website and ensure a good user experience. If you do not accept cookies, no information is stored.

How do I reject and delete cookies?

We will not use cookies to collect personally identifiable information about a visitor.

However, you can choose to reject or block the cookies set by Orvas or the websites of any third party suppliers by changing your browser settings – see the “Help function” within your browser for further details.

Please note that most browsers automatically accept cookies so if you do not wish cookies to be used, you may need to actively delete or block the cookies.

For information on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your mobile phone manual.

Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not work correctly.


  1. Introduction

Your privacy is important to us, Orvas d.o.o.

In this Privacy Notice, we would like to explain who we are, what personal data we collect about you, why we collect it and what do we do with it in an easy and readable way. Personal data means any data from which we are able, directly or indirectly, to identify you.

Please take time to read this Notice. If you do not agree to it, please do not provide us with your data.

  1. What does this Privacy Notice cover

This Notice covers how we process your data whenever you interact with us,  e.g. when you

  • visit any of our websites;
  • use our social media channels;
  • purchase and use our products and services, systems and applications;
  • subscribe to our newsletters;
  • provide to us your goods or services, systems or applications;
  • contact our customer support;
  • join our business events;
  • participate to our contests;
  • participate to our promotions;
  • or otherwise interact with us

as consumer, business customer, partner, (sub) supplier, contractor or other person with a business relationship with us.

“Processing” means any operation performed on personal data, which includes collection, recording, storage, modification or update, retrieval, consultation, use, disclosure by manual and/or automated means.

  1. What is the data that we collect about you?

Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, phone, etc.) we may process different data about you.

In this notice we cover all possible personal data that we collect from you.

  • Data you provide us directly us  – 
Categories of data Examples of data
Personal identification Name, last name, title, date of birth
Contact information Email, phone number, address, country
Images Pictures uploaded/ provided to us
Financial data Credit card data, bank account information
Other information Household information, interests, profession, preferences
  • Data about your use of products and/ or services that we collect automatically- 

In addition to the information you provide to us directly (see above), we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:

Categories of data Examples of data
 Device information Device model, unique device identifier, MAC address, IP-address,  operating system version, and settings of the device you use to access, e.g. the websites/ apps/ services
 Log information  Time and duration of your use of our digital channel or product
 Location information  Your actual location (derived from your IP address or other location-based technologies), that may be collected when you enable location-based products or features such as through social media
Other information Apps you use or websites you visit, links you click within our advertising e-mail, motion sensors data
  • Information from third-party sources – 

We may receive information about you from publicly available sources (as permitted by law) such as public databases, our marketing partners, or social media platforms when you choose to connect to such services.

We may combine this information with other information we receive from you.

  • Other – 

You may choose not to provide certain types of information to us, but doing so may affect your ability to enable certain functionality of the products and/ or services.

In compliance with the law, we will not process data relating to

  • racial or ethnic origins;
  • political opinions;
  • religion or beliefs;
  • trade union membership;
  • genetic features;
  • health;
  • sex life;
  • criminal convictions or related security measures;
  • biometric data;
  • genetic data.

If we had to process this type of data, we would always request your prior consent.

  1. How do we use your data?

We may process your data for different purposes, but only for those which have a legal basis to process the data.  Please find below the overview .

Legal basis Examples of Purpose
Contract/agreements execution Billing and delivering products and/ or services that you have purchased;

Enabling us to reach you for delivering you our products;

Registration to mobile applications or websites;

Service account management.

Compliance with legal obligations and Public interest Disclosing data to government institutions or supervisory authorities as applicable in all countries in which we operate, such as reporting obligations, compliance audits, tax deductions, record-keeping and reporting obligations, compliance with government inspections and other requests from government or other public authorities;

Establish, exercise, or defend ourselves from legal claims.

Legitimate interests Administrative communications, such as order confirmations, notifications about your account activities, and other important notices;

Providing support upon your request via communication channels, such as customer or contact center support;

Security and protection of our interests/assets, such as deploying and maintaining technical and organizational security measures, conducting internal audits and investigations, conducting assessments to verify conflict of interests;

Managing any internal complaints or claim.

Orvas d.o.o. may send you communication about our products, services, events and promotions. The communication is send via different channels:  email, phone, SMS, post, social networks. We would like to provide you with the best experience, therefore these communication might be tailored to you preferences (for example, email as your preferred channel of communication with us – you can indicate it yourself or we can understand it based on the links you click in out emails).

When required by law, we will ask your consent before starting the above activities. To give your consent,  you can, for example, tick the box for acceptance of receipt of news and promotions or usage of your data for general ecommerce industry trend analytics.  We also give you the opportunity to opt-out and withdraw your  consent at any time. < e.g. unsubscribe email, send us a request for withdrawal of the consent, etc.>

If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.

  1. When do we share your data?

To whom the data is disclosed: other Orvas entities, affiliates, service providers, business partners, public authorities, governmental authorities, contractors, others.

When the data is transferred abroad?

Which countries, under which instrument

Your data will be processed by ourselves and other entities within the Orbico Group. In exceptional cases and only to fulfil the above described purposes described above, your data might be shared with following parties:

  • Service providers: ;
  • Business partners: < for examples: MMK, Phobs, …, they can provide you with the services you request>
  • Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over Orbico Group.
  • Professional advisors such as auditors, lawyers, accountants, other professional advisors.
  • Other parties in connection with corporate transactions such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).

[Your information may also be processed in a destination outside of the European Economic Area]. Third parties are limited in their ability to use your information for other purposes than providing services to us, and are also required to protect and handle your information in accordance with legal, regulatory and contractual obligations. We take reasonable steps to ensure that we retain information about you only for so long as is necessary for the purpose for which it was collected, or as required under any contract or by applicable law.

  1. How do we keep/retain your data?

We keep your data for the period necessary to fulfil the purposes for which it has been collected (see above section “How do we use your data?”). Sometimes we might keep your data longer if required or permitted by law. We determine the period based on the following criteria:

  • How long is the data needed to provide you with our products or services or to operate our business?
  • Do you have an account with us? Then we will keep your data while your account is active.
  • Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws, government orders to retain data relevant to an investigation, or data that must be retained for the litigation purposes.
  1. How do we secure your data?

To protect your data, we will take appropriate technical and organizational measures in line with  the applicable data protection and data security laws, including requiring our service providers, business partners or professional advisors to use appropriate measures to protect the confidentiality and security of your data.  We put in place measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.

  1. Who is responsible for your data?

Orvas d.o.o with its head office at Uvala Baluni 9, Split  is responsible for processing the personal data it deems necessary to process. We are therefore the party whom you, as well as the supervisory authorities (for example AZOP- Agencija za zaštitu osobnih podataka),  should contact for any questions you may have relating to the way our company uses your data.

For some services, we rely on specialised partners. They therefore have to follow our instructions and adhere to our policy on personal data protection. We ensure that our partners receive only the data that are strictly necessary to perform their contractual duties.

  1. Which legislation applies?

The protection of your personal data is covered by the Regulation EU 2016/679, also known as the EU General Data Protection Regulation and applicable national data protection law of Sweden. We undertake to comply with our obligations and respect your rights whenever we process your data. If you wish to learn more about this subject, we advise you to visit .  Being Orbico a multinational company, this Notice may be replaced or supplemented in order to fulfil local requirements.


  1. Accessing your information

You are entitled to submit an inquiry to us and be advised about the data we process about you and how we process such data. You are also entitled at any time to withdraw your consent and/ or request any erroneous data to be corrected. Please make your enquiries and requests in writing, sign and send your letter to the address Marticeva ulica 14, 10000 Zagreb (AZPO – Agencija za zaštitu osobnih podataka); e-mail: [email protected] . We will respond promptly and no later than within a month, unless extraordinary complexity would require an extension of the time to respond.

If you have any issues exercising your rights regarding personal data you may

(a) contact the [Entity Privacy Manager]:  E-mail: [email protected]], and/ or

(b) lodge a complaint with the supervisory authority, [AZOP  ( Agencija za zaštitu osobnih podataka)]