Privacy Policy

Last updated: 12 May 2026

1. Data Controller

The data controller for the website https://idecopack.eu is:

ECG CONCEPT d.o.o., trading as IDECOPACK Kramarici 17H, 10000 Zagreb, Croatia OIB: 16658132626 / VAT ID: HR16658132626 Email: office@ecgconcept.com Phone: +385 99 2024 226

This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website, contact us, request a quote or purchase products from the IDECOPACK webshop.

2. Personal Data We Collect

Depending on how you use the website, we may collect:

• name and surname;
• company name;
• VAT ID / OIB, if provided;
• billing and delivery address;
• email address;
• phone number;
• order details and purchase history;
• payment status and transaction reference;
• messages sent through forms or email;
• IP address, browser data, device data and website usage data;
• cookie preferences and consent records.

We do not collect or store complete card data. Card data is entered directly into the secure payment form of our payment processor, CorvusPay, or another enabled payment provider.

3. Purposes of Processing

We process personal data for the following purposes:

• responding to enquiries and quote requests;
• creating and managing customer accounts, if enabled;
• processing orders, payments, invoices, delivery and returns;
• providing customer support;
• handling complaints and warranty-related communication;
• preventing fraud, abuse and unauthorised access;
• maintaining website security and performance;
• complying with accounting, tax and legal obligations;
• improving website content, product structure and user experience;
• sending marketing communication only where legally allowed or based on consent.

4. Legal Basis

We process personal data based on:

• contract performance, when data is needed to process an order or provide requested services;
• legal obligation, especially accounting, tax, consumer protection and business record rules;
• legitimate interest, such as website security, fraud prevention, customer support and basic business analytics;
• consent, for optional cookies, analytics, newsletter subscription or marketing communication where required.

5. Payments

Online card payments are processed through CorvusPay or another enabled payment provider.

When paying by card, you enter payment data into the secure payment form of the payment provider. IDECOPACK does not receive or store complete card details.

Payment providers may process your personal and payment data as independent controllers or processors, depending on the payment method and applicable law. Their processing is governed by their own terms, privacy notices and legal obligations.

6. Sharing Personal Data

We may share personal data with trusted service providers only when needed for the purposes listed above, including:

• website hosting providers;
• WordPress / WooCommerce technical service providers;
• payment processors, banks and card schemes;
• delivery and courier companies;
• accounting and invoicing service providers;
• IT maintenance and security providers;
• legal, tax or regulatory authorities when required by law;
• analytics and cookie providers, only according to your cookie settings and applicable law.

We do not sell personal data.

7. International Transfers

Some service providers may process data outside the European Economic Area. If this happens, we use appropriate safeguards required by GDPR, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.

8. Data Retention

We keep personal data only as long as necessary for the purpose for which it was collected.

Typical retention periods:

• order, invoice and accounting data: according to legal accounting and tax retention rules;
• enquiry and support messages: as long as needed to handle the request and protect legitimate business interests;
• user account data: while the account exists or until deletion is requested, unless retention is legally required;
• cookie consent records: according to the consent tool configuration and legal requirements;
• security logs: for a limited period needed to protect the website and investigate incidents.

9. Your Rights

Under GDPR, you may have the right to:

• access your personal data;
• request correction of inaccurate data;
• request deletion of data;
• request restriction of processing;
• object to processing based on legitimate interest;
• withdraw consent at any time, where processing is based on consent;
• request data portability;
• lodge a complaint with a supervisory authority.

In Croatia, the supervisory authority is the Croatian Personal Data Protection Agency:

Agencija za zastitu osobnih podataka (AZOP) Website: https://azop.hr

To exercise your rights, contact us at office@ecgconcept.com.

10. Cookies and Analytics

We use cookies and similar technologies as described in our Cookie Policy.

Optional analytics or marketing cookies are used only according to your consent settings, where required.

You can change cookie settings through the cookie banner or cookie settings tool available on the website.

11. Data Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

No website or online transmission is completely risk-free. If we become aware of a personal data breach that may affect your rights and freedoms, we will act according to GDPR notification rules.

12. Children

The IDECOPACK website and webshop are not intended for children. We do not knowingly collect personal data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with the updated date.

14. Contact

For privacy questions or requests, contact:

IDECOPACK Email: office@ecgconcept.com Phone: +385 99 2024 226