Privacy Policy

Last updated: 19 June 2026

This Privacy Policy explains how Luminastart j.d.o.o., operating the Irena Art Prints website, collects, uses, stores and protects your personal data when you visit www.irenartprints.com, purchase a product, subscribe to our emails or contact us.

1. Data controller

The controller responsible for processing your personal data is:

Luminastart j.d.o.o.
Drašnička 6
10000 Zagreb
Croatia

OIB: 60810227735
Email: info@irenart.studio

2. Personal data we collect

Depending on how you interact with our website, we may collect the following personal data:

Information you provide directly

  • full name;

  • email address;

  • telephone number, where provided;

  • billing address;

  • delivery address;

  • country of residence;

  • order number and order details;

  • products purchased;

  • payment status and transaction information;

  • newsletter subscription preferences;

  • correspondence and customer-support messages;

  • information submitted in withdrawal, return or refund requests.

Payment information

Payments may be processed through third-party payment providers such as Stripe and PayPal.

We do not normally receive or store your complete payment-card details. These details are processed directly by the relevant payment provider in accordance with its own privacy and security practices.

Technical and usage information

When you visit the website, certain technical data may be collected automatically, including:

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • approximate geographic location;

  • pages visited;

  • date and time of visits;

  • referring website or source;

  • interaction with pages, forms and links;

  • cookie preferences and consent status.

3. How we use your personal data

We may process your personal data for the following purposes:

Processing and fulfilling orders

We use your personal data to:

  • process your order;

  • confirm payment;

  • prepare and dispatch products;

  • communicate delivery information;

  • issue invoices and accounting records;

  • manage withdrawals, returns, refunds and complaints;

  • provide customer support.

The legal bases for this processing are the performance of a contract and compliance with applicable legal obligations.

Newsletter and marketing communications

When you actively subscribe to our newsletter or otherwise provide valid marketing consent, we may use your name and email address to send:

  • news about Irena Art Prints;

  • information about new artworks and collections;

  • promotional offers;

  • artist stories and studio updates;

  • relevant product and business announcements.

The legal basis for this processing is your consent.

You may withdraw your consent at any time by clicking the unsubscribe link included in our marketing emails or by contacting us at info@irenart.studio.

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Customer service and communication

We use information provided through emails, forms or support requests to answer questions, provide assistance and resolve issues.

The legal basis may be the performance of a contract, our legitimate interest in providing effective customer support, or compliance with legal obligations.

Accounting, taxation and legal compliance

We may process and retain information necessary to:

  • issue and retain invoices;

  • maintain accounting and tax records;

  • comply with fiscalisation and financial-reporting obligations;

  • establish, exercise or defend legal claims;

  • respond to lawful requests from competent authorities.

The legal basis is compliance with legal obligations and, where applicable, our legitimate interests in protecting our legal rights.

Website analytics and improvement

We use Google Analytics to understand how visitors use our website and to improve the content, functionality, performance and customer experience.

Google Analytics may collect information such as:

  • device and browser information;

  • approximate location;

  • pages visited;

  • session duration;

  • referring source;

  • interactions with the website.

For visitors in the European Economic Area and other jurisdictions where consent is required, Google Analytics is used only after the visitor has provided the required consent through the cookie banner or consent-management settings.

The legal basis for this processing is consent.

You may withdraw or change your analytics consent at any time through the cookie settings available on the website.

4. Cookies and similar technologies

Our website may use cookies and similar technologies for:

  • essential website functions;

  • remembering cookie and privacy preferences;

  • checkout and payment functionality;

  • security and fraud prevention;

  • website analytics;

  • measuring website performance.

Essential cookies may be used where they are necessary for the website or checkout to function.

Non-essential cookies, including analytics cookies, will be used only after the required consent has been obtained.

Further information about the cookies and technologies used on the website will be provided in our Cookie Policy and cookie-consent settings.

5. Service providers and recipients

We may share personal data with trusted third parties where necessary to operate the website, fulfil orders and comply with legal obligations.

These recipients may include:

Systeme.io

Systeme.io may be used to host website and funnel pages, forms and related website functions.

ThriveCart

ThriveCart is used to operate checkout pages, process order information and provide customer-hub, withdrawal and transaction-related functionality.

Payment providers

Stripe and PayPal may process payment and transaction information.

MailerLite

MailerLite is used to manage newsletter subscriptions, email lists, marketing communications and unsubscribes.

Google Analytics

Google Analytics is used, subject to applicable consent, to measure and analyse website use.

Make and e-Računi

Make and e-Računi may be used to transfer order information, prepare invoices, fulfil accounting requirements and support fiscalisation.

Delivery providers

We may share the recipient’s name, address, contact details and shipment information with postal or courier services where necessary to deliver an order.

Professional advisers

Personal data may be disclosed to accountants, bookkeepers, legal advisers, IT providers or other professional service providers where reasonably necessary.

Public authorities

We may disclose data to tax authorities, courts, regulators, law-enforcement bodies or other competent authorities where required by law.

Service providers may process personal data only for the relevant services and under applicable contractual and data-protection obligations.

6. International transfers

Some of our service providers may process or store personal data outside Croatia or outside the European Economic Area.

Where personal data is transferred to a country that has not been recognised as providing an adequate level of data protection, we seek to rely on appropriate safeguards, such as:

  • European Commission adequacy decisions;

  • European Commission Standard Contractual Clauses;

  • supplementary technical and organisational measures;

  • another lawful transfer mechanism permitted by data-protection law.

Further information about the safeguards used by an individual service provider may be available in that provider’s privacy documentation.

7. How long we retain personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Retention periods may vary depending on the type of information and applicable legal obligations.

In general:

  • order, invoice, payment and accounting information is retained for the period required by applicable tax, accounting and commercial laws;

  • delivery and customer-service information is retained for as long as necessary to fulfil the order and handle possible claims;

  • withdrawal, return, complaint and refund information may be retained for the applicable limitation or legal-retention period;

  • newsletter information is retained until you unsubscribe or withdraw your consent, subject to limited records needed to demonstrate consent or honour an unsubscribe request;

  • analytics information is retained in accordance with the retention settings configured in Google Analytics;

  • technical and security records are retained only for the period reasonably necessary for website security, fraud prevention and troubleshooting.

We may retain certain information for a longer period where necessary to comply with legal obligations or establish, exercise or defend legal claims.

8. Your data-protection rights

Subject to the conditions and limitations of applicable law, you may have the right to:

  • receive information about how your personal data is processed;

  • request access to your personal data;

  • request correction of inaccurate or incomplete data;

  • request deletion of your personal data;

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • receive certain personal data in a structured, commonly used and machine-readable format;

  • request the transfer of eligible data to another controller;

  • withdraw consent at any time where processing is based on consent;

  • lodge a complaint with a competent supervisory authority.

To exercise your rights, contact us at info@irenart.studio.

We may request information reasonably necessary to verify your identity before acting on a request.

We will respond without undue delay and generally within one month of receiving a valid request. This period may be extended where legally permitted for complex or numerous requests.

Some rights are not absolute. For example, we may need to retain certain information to meet accounting, tax or other legal obligations.

9. Right to lodge a complaint

You have the right to lodge a complaint with the competent data-protection supervisory authority.

In Croatia, the supervisory authority is:

Croatian Personal Data Protection Agency - AZOP

You may also contact the supervisory authority in the EU or EEA country in which you live, work or believe that a data-protection infringement has occurred.

We encourage you to contact us first at info@irenart.studio so that we can try to resolve your concern.

10. Data security

We use reasonable technical and organisational measures designed to protect personal data against:

  • unauthorised access;

  • accidental or unlawful disclosure;

  • alteration;

  • loss;

  • misuse;

  • destruction.

However, no internet transmission or electronic-storage system can be guaranteed to be completely secure.

11. Children’s privacy

Our website and products are not directed specifically at children.

We do not knowingly collect personal data directly from children who are not legally able to provide valid consent under applicable law.

If you believe that a child has provided personal data to us without appropriate authorisation, contact us at info@irenart.studio.

12. Automated decision-making

We do not currently use personal data to make decisions based solely on automated processing that produce legal or similarly significant effects for you.

13. Third-party websites

Our website or emails may contain links to third-party websites.

We are not responsible for the privacy practices, content or security of those third-party websites. You should review their privacy policies before providing personal data.

14. Changes to this Privacy Policy

We may update this Privacy Policy when our services, technology, providers or legal obligations change.

The updated version will be published on this page with a revised “Last updated” date.

Material changes may also be communicated through the website or by email where appropriate.

15. Contact

For questions about this Privacy Policy or the processing of your personal data, contact:

Luminastart j.d.o.o.
Drašnička 6
10000 Zagreb
Croatia

OIB: 60810227735
Email: info@irenart.studio