Dark green tosh design logo wordmark written in sans serif grotesk font

Tosh Design
Privacy Policy

Published: 02 / 05 / 2022

Pursuant to Article 13 of this Regulation, this Privacy Statement informs you what personal data we collect through written or oral communication, for what purpose, how we handle it, who has access to it, who processes it, to whom we disclose it and for what purposes, for which We protect them for a period of time, how we protect them from unauthorized access and the rights you have in relation to the protection of personal data.

You can read the Privacy Statement in full below and feel free to contact us for all your questions at the email address provided in Article 1 of this Statement.

- Article 1

General information

This Privacy Statement for Tosh design applies from May 2, 2022.
By using Tosh design products and services, you entrust us with your data.

1) Head of personal data collection:
Tosh design, studio for graphic and web design, crafts and services and trade, owned by Jelena Toš
Vodnikova 8, Zagreb
OIB: 27211761112

2) The representative of the processing manager is available via:
e-mail: info@toshdesign.eu
contact phone: (+385) 1  779 22 86

- Article 2

The types of personal data we process

As part of our business, we may collect the following types of personal information according to the categories of respondents:

1. Potential clients, stakeholders:
Name and surname, mobile and / or telephone number, e-mail address

2. Clients, users of our services
Name and surname, address of the natural person, mobile and / or telephone number, e-mail address, OIB
Other data: Videos, photos and other necessary data for processing during business cooperation

3. External collaborators and partners
Name and surname, address of the natural person, mobile and / or telephone number, e-mail address, OIB, IBAN

- Article 3

How we collect data

1. During the visit to our website:
by contacting the specified mobile phone number and e-mail

2. During direct communication:
personal communication
via email
by phone

3. During business cooperation
to fulfill our obligations under the contract for the sale of our services

4. By fulfilling legal obligations

- Article 4

Access to data

The owner, executors of processing and recipients have access to the collected personal data on the basis of personal data processing.

The categories of processors are as follows:
1. Bookkeeping service
2. A web hosting company

The categories of recipients are as follows:
1. Tax Administration
2. Court and other public authorities of the Republic of Croatia

- Article 5

Purposes and legal bases of personal data processing

We process personal data for the following purposes:
1. Answer the query
2. Conclusion of the contract and fulfillment of obligations arising from the concluded contract
3. Production of graphic materials for the client (business cards, memoranda ..)
4. Issuance of invoice for the performed service
5. Marketing communication including deliveries of promotional materials, notices and offers about new services and upgrades of existing services and events (seminars and webinars) organized by Tosh design.
6. Statistical analysis to improve the experience of visiting our website
7. Enforcing legal claims and resolving disputes in order to protect our business and enforce and / or protect our rights may result in the disclosure of personal information. We will only disclose your personal information in the manner and under the conditions prescribed by law.
8. Transmission of personal data to third parties defined in Article 7 of this Statement. Your data will only be disclosed when it justifies a legitimate interest in ensuring safe and lawful operation and compliance with legal obligations (eg in the case of tax obligations which may include the transmission of your personal data to the Tax Administration).

We base the processing of personal data on the following legal bases:
1. Consent to the processing of personal data for one or more special purposes (provable, exclusive, unambiguous, voluntary, withdrawn at any time)
2. Necessary for the performance of the contract to which the respondent is a party or to take action at the request of the respondent prior to the conclusion of the contract
3. Necessary to comply with the legal obligations of the processing manager
4. Necessary to protect the key interests of respondents or other natural persons
5. Necessary for the performance of a task of public interest or in the performance of the official authority of the controller
6. Necessary for the legitimate interests of the controller or a third party (for example, when the respondent is our client)

- Article 6

Period of retention of personal data

We retain personal data for as long as necessary for the purpose for which they are processed or for compliance with the law.

1. Personal data of interested individuals for our services provided through this website, e-mail and telephone contact will be deleted no later than 2 years after our last response because our business experience has shown that after 2 years, the interested party is likely will not report again. The reason for keeping data for 2 years is based on the fact that if an interested party responds within that period, we can build on previous communication in order to respond quickly and efficiently to the request.

2. We store personal data that we process on the basis of your consent until the consent is withdrawn. For example, if you revoke your consent to receive newsletters, your subscriber profile information is automatically blocked and then deleted without delay and within a month at the latest.

3. Personal data shall be kept for the duration of the contractual relationship or until the termination of the contract. Thereafter, they shall be deleted without delay and at the latest within one month or after the expiration of all legal storage obligations, unless a procedure for forced collection of unpaid receivables has been initiated or an objection to the product or service has been lodged, until the procedure is completed with applicable regulations (eg Consumer Protection Act, etc.).

4. We store personal data in accordance with the legally prescribed obligation of archiving

It is possible that the data is anonymized instead of deleted.

- Article 7

Forwarding of personal data

We treat the personal information you provide to us in confidence. Your data is used to process your request, and in exceptional cases the data is processed by our partners based on our order. There is a possibility of forwarding data to partners for the purpose of processing inquiries sent to us. In such cases, we ensure that carefully selected partners meet the legal requirements of this Regulation.

We may only use non-EU service providers (third countries) to process your personal data if there is a European Commission decision on suitability for that third country or if we have agreed with the service provider to comply with binding personal data protection regulations.

Tosh design, when registering some domains, uses a service provider outside the EU (third country): GoDaddy.com.

When we process your personal data on the basis of consent, the withdrawal of consent on the basis of which we process your personal data will be applied to the said company.

We will pass personal data to third parties in case of compliance with the law, at the request of the authorities, court decisions, legal proceedings, the obligation to report and inform the competent authorities and the like.

- Article 8

Your rights

1. Right of access to personal data
You can request access to your personal data from us at any time.

2. The right to correct inaccurate personal data
If we process your personal information that is incomplete or inaccurate, you may at any time ask us to correct or supplement it.

3. Right to delete (right to forget) personal data
You can ask us to delete your personal data at any time, but please note that there are reasons that prevent immediate deletion, for example with statutory archiving obligations.

You can revoke the consent you have given at any time.If you revoke the given consent, we will no longer use your data for the stated purposes, which may result in the inability to use some additional benefits related to them.

4. The right to object to the processing of personal data

If we distribute your data for the purpose of performing tasks in the public interest or public bodies, or invoke our legitimate interests in processing them, you may object to such processing if there is an interest in protecting your data.

5. Right to limit processing
You can ask us to limit the processing of your data:
if you dispute the accuracy of the data during a period that allows us to verify the accuracy of that data
if the data processing was illegal but you refuse to delete it and instead request a restriction on the use of the data
if we no longer need the information for the intended purpose, but you still need it to meet legal requirements or
if you have filed a complaint about the distribution of this information

6. Right to object to the supervisory body
If you are of the opinion that we have violated Croatian or European data protection regulations during the processing of your data, please contact us at the e-mail address referred to in Article 1 in order to clarify any issues. You certainly have the right to lodge a complaint with the Croatian Data Protection Agency, ie in the event of a change in the applicable regulations to another body that will take over its competence, and from 2nd of May 2022 to the supervisory body within the EU.

- Article 9

Procedure for exercising rights

If you want to exercise any of these rights or have questions about your personal data, please contact us by sending a request regarding the exercise of personal data rights in writing to the e-mail address of the Head of Personal Data Collection: jelena.tosh@toshdesign.eu. For the sake of reliable identification, in the event that your rights regarding personal data are exercised, we may request additional information to verify your identity, and we may refuse to process your request in the event of an apparent intent to misuse.

We will respond to your request for the exercise of rights, related to the above personal data, without undue delay and in any case within one month of receiving the request.

- Article 10

Protection of personal data

In order to protect your personal data from unauthorized access, use or accidental loss, we carry out all technical and organizational security procedures in accordance with our capabilities, the rules of the General Regulation on Personal Data Protection and the Internal Regulations.

1. Only data controllers have access to your personal data only when necessary and in accordance with the purpose of collecting personal data.
2. We regularly monitor, review and maintain our computers and website
3. We regularly back up personal information on your computer and website
4. Antivirus program
5. We are aware of the (non) opening of e-mails from unknown sources, etc.

- Article 11


1. General information about cookies

This website saves small text files called cookies on your computer for a better user experience on the website. This practice is represented in at least 90% of websites in the world, but according to the EU Directive from May 2011, we are obliged to ask for your consent before storing cookies. By using the website, you agree to the use of cookies, and in the event that they are blocked, you can still browse the site, but some of its features will not be available. After 25 May and the date of application of the General Data Protection Regulation (GDPR), each website should allow the user to easily withdraw their consent to the use of cookies. To withdraw your consent on our website, after clicking "I agree", simply click on the "Cookies - change settings" button and click "I disagree". It may happen that the use of certain functionalities of the website becomes disabled after the withdrawal of consent to the use of cookies.

A cookie is a small file stored on your computer by a website you visit. The cookie informs the website that the "old" user has reconnected by remembering his settings. Cookies record your preferences and settings, enter them into web forms and information for logged in users.

Cookies can store a wide range of information, but this information or information can only be stored if the user allows it - websites cannot access information that was not given to them by the user and cannot access other files on the user's computer. Cookies do not contain any personal data or information that could identify you. The user, on the other hand, can change his settings on the Internet and thus choose whether to approve or reject requests to save cookies, whether to automatically delete saved cookies when closing the Internet browser, etc.

By disabling cookies, you decide whether to allow them to be stored on your computer. Cookie settings can be controlled and configured in your internet browser. For information on cookie settings, select the internet browser you are using.

Internet Explorer 8 and later
FireFox 3.5 and later
Google Chrome 10 and later
Safari 2 and newer
Opera 10.5 and later.
By blocking cookies, you can still browse websites, but certain functionalities will not be available on them.

2. Types of cookies

Permanent and temporary cookies
Persistent or saved cookies are stored on disk (your computer) and remain there even after closing the Internet browser. They store information such as login name and password, so you don't have to log in every time you visit a particular place.

Temporary cookies are temporarily stored on disk and are deleted after closing the Internet browser. They use them to store temporary data such as items in the shopping cart.

First and third party cookies
First party cookies come from the website that the user is browsing and can be permanent or temporary. Websites use these cookies to store information that they will use again the next time a user visits that site.

Third-party cookies come from other, affiliate sites you view. Third parties may collect information about users of various websites and use it for marketing and analytical purposes.

Necessary and other cookies
Necessary cookies are necessary for the operation and use of the website. For example, they allow you to navigate a website and log in to secure areas.

Performance cookies collect information about how visitors use our website, for example, which pages visitors visit most often and if they receive error messages from those pages. These cookies do not collect information that identifies the visitor. All information collected by these cookies is anonymous. They are only used to improve the functioning of this website.

Functional cookies allow our website to remember the selections and adjustments you made during the visit and provide enhanced personal features. For example, memorizing changes in language settings or currency preferences. They can also be used to allow third parties to provide social sharing tools and remember your preferred sharing services.

Marketing cookies are used to track visitors through a website. The intent is to display ads that are relevant and interesting to the individual user, and thus more valuable to third-party publishers and advertisers.

3. Our website and the use of cookies

Name: _ga
Service provider: toshdesign.eu
Expires: 2 years
Type: First-party cookies, Permanent cookies
Purpose: Statistical cookies by anonymously collecting and sending data help site owners understand how visitors interact with the site.

Service provider: toshdesign.eu
Expires: 1 day
Type: First-party cookies, Permanent cookies
Purpose: Statistical cookies by anonymously collecting and sending data help site owners understand how visitors interact with the site.

Name: 92a0b1d3bf339a43ffc7268719b896d4
Service provider: toshdesign.eu
Expires: session
Type: First-party cookies, Temporary cookies
Purpose: They contain only a reference to the session stored on the web server. No data is stored in the user's browser and this cookie can only be used on the current website.

Name: 9354cdb47999f197bf054d1faf81a54f
Service provider: toshdesign.eu
Expires: session
Type: First-party cookies, Temporary cookies
Purpose: They contain only a reference to the session stored on the web server. No data is stored in the user's browser and this cookie can only be used on the current website.

Name: b92cc25126a83282435b97844815ca7d
Service provider: toshdesign.eu
Expires: 1 year
Type: First-party cookies, Temporary cookies
Purpose: They contain only a reference to the session stored on the web server. No data is stored in the user's browser and this cookie can only be used on the current website.

Name: cookieconsent_status
Service provider: toshdesign.eu
Expires: 1 year
Type: First-party cookies, Temporary / Permanent cookies (if you do not accept all cookies then it is Session cookie, otherwise it is Permanent cookie with a duration of 1 year)
Purpose: Cookie used to remember user settings - acceptance of the use of all cookies on this website. This cookie only knows your latest cookie settings and does not reflect the current status of cookies in your browser.

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). We use an integration method that anonymizes your IP address. Google Analytics uses cookies to analyze your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted and stored on a Google server in the United States.

Google uses this information to evaluate your use of the website by providing website activity reports to website operators. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
Google will not associate your IP address with any other data held by Google. See the Google Privacy Policy at the following link: www.google.com/analytics/learn/privacy.html. Google has developed a browser add-on that can help prevent the use of your Google Analytics JavaScript data (ga.js, analytics.js, dc.js).
You can download it here: tools.google.com/dlpage/gaoptout.

4. Additional information on opting out of cookies

You can always block the use of some or all of the cookies we use on our website, but this may affect its functionality. The cookie settings box is located at the bottom of this page. After selecting the settings, you can reset the cookie settings at any time also at the bottom of this page. Additionally, you can accept or decline some or all cookies by adjusting your browser settings.

At the following links you can find information on how to change the settings for some of the most commonly used web browsers: Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Apple Safari, Opera. Some browsers allow you to surf in "anonymous" mode, limiting the amount of data stored on your computer and automatically deleting persistent cookies placed on your device when you end your browsing session.

There are also many third-party applications that you can add to your browser to block or manage cookies. You can also delete cookies that were previously set in your browser by selecting the option to clear your browsing history while enabling the option to delete cookies.

You can find more detailed information about cookies and browser settings at www.allaboutcookies.org.

- Article 12

Final provisions

Tosh design may change this Policy.
This version of the Privacy Statement applies from May 2, 2022.
All changes to this Statement will be posted on this website.