Privacy Policy — Stimac Family Estate

Last updated: April 7, 2026


Welcome to the Stimac Family Estate website. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable European Union data protection law.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data.

Data Controller: Stimac Family Estate
Contact: katarina@thebrandtale.com


We collect personal data only for specific, explicit, and legitimate purposes. Below is an overview of each type of data we process.

When you submit a message through our contact form, we collect your name, email address, and the content of your message. We use this information solely to respond to your inquiry.

  • Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — responding to your request.
  • Retention: We retain contact form submissions for up to 2 years, after which they are deleted unless there is an ongoing relationship.

If you subscribe to our newsletter, we collect your email address. We use it to send you updates about the Stimac Family Estate project, milestones, and news.

  • Legal basis: Your consent (Article 6(1)(a) GDPR).
  • Retention: We store your email address until you unsubscribe. You can unsubscribe at any time by clicking the unsubscribe link in any newsletter email or by contacting us directly.

If you make a purchase through our online shop, we collect your name, email address, billing address, shipping address, and payment information as necessary to process your order.

  • Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and compliance with legal obligations (Article 6(1)(c) GDPR) for tax and accounting purposes.
  • Retention: Order-related data is retained for 7 years to comply with EU accounting and tax requirements.

If you make a donation to support the restoration of the Stimac Family Estate, we collect your name, email address, and payment details sufficient to process the transaction.

  • Legal basis: Performance of a contract / your request (Article 6(1)(b) GDPR).
  • Retention: Donation records are retained for 7 years for legal and accounting purposes.
  • Note: We do not store full payment card details on our systems. Payment processing is handled by a third-party payment provider (see Section 4).

Our website uses cookies and similar tracking technologies to understand how visitors interact with the site and to improve the user experience.

  • Essential cookies: Required for the website to function. No consent needed.
  • Analytics cookies: Used to collect anonymized statistics about website usage (e.g., pages visited, session duration). These are only set with your consent.

Legal basis: Consent (Article 6(1)(a) GDPR) for non-essential cookies. You can manage or withdraw your cookie consent at any time through our cookie consent banner or your browser settings.

We may use tools such as Google Analytics. Where applicable, data is processed in accordance with data transfer safeguards (see Section 5).


We do not sell, rent, or trade your personal data. We may share it with trusted third parties only where necessary to provide our services:

  • Payment processors (e.g., Stripe, PayPal) to handle purchases and donations securely.
  • Email marketing platforms (e.g., Mailchimp) to manage our newsletter list.
  • Analytics providers (e.g., Google Analytics) to help us understand website traffic.
  • Legal or regulatory authorities if required by law or to protect our legal rights.

All third-party service providers are bound by contractual obligations to handle your data securely and in compliance with GDPR.


Some of our third-party service providers may be located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission — to protect your data in line with GDPR requirements.


As an EU resident, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct inaccurate or incomplete data.
  • Right to erasure — You can request that we delete your personal data (“right to be forgotten”), subject to legal obligations.
  • Right to restriction of processing — You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to processing based on legitimate interests at any time.
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — You have the right to file a complaint with your national data protection authority. In Croatia, this is the Agencija za zaštitu osobnih podataka (AZOP): www.azop.hr

To exercise any of these rights, please contact us at: katarina@thebrandtale.com

We will respond to your request within 30 days as required by GDPR.


We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These include secure encrypted connections (HTTPS), access controls, and trusted service providers who maintain their own security standards.

However, no method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.


Our website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.


Our website may contain links to external websites. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies separately.


We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will always be published on this page with a revised “Last updated” date. We encourage you to review this policy periodically.


If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Stimac Family Estate
Email: katarina@thebrandtale.com


This Privacy Policy was prepared in accordance with EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679.