Who we are

We are Jelena and Andrej, owners of a small gift shop Medusa located in the Old Town Dubrovnik (Medusa Gift Shop, VAT: 17990043701, Address: Prijeko 18, 20000 Dubrovnik, Croatia). Thank you for visiting our web site www.medusa.hr. Firstly, we would like to point out that your privacy is very important to us. You’ve placed your trust in us by using our products, and we value that trust. That means we don’t ask for personal information unless we truly need it. We don’t share your personal information with anyone except to comply with the law. We don’t store personal information on our computer or any server, except your emails, which we delete every 5 years, and invoices, which we are legally obliged to keep for book keeping purposes for 10 years.

This privacy policy applies to all visitors and customers using or accessing our web site www.medusa.hr. It describes how we use and process your personal data, hopefully provided in a readable and transparent manner. Please contact us at info@medusa.hr if you have questions about your personal data, which we are more than happy to answer.

We might amend the Privacy & Cookie Policy from time to time. Make sure to visit this page regularly to know exactly where you stand.  If you disagree with this Privacy Policy, you should discontinue using this website.

Collecting Your Personal Information

We do not collect any personalized data automatically (i.e. through cookies). We only collect data via contact form available on the website and emails you send use. We use the data you’ve sent us to prepare an offer for you. The amount and type of information that we gather depends on the nature of the interaction. For example, when you buy our products and pay via bank transfer we can see basic information related to your bank account from which the deposit was made. We do not collect or store this information.

We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them on our website.

Personal Data Collection & Management

We do not collect any personalized data automatically (i.e. through cookies). We only collect data via booking & contact forms available on the website and emails you send use. We use the data you’ve sent us to prepare an offer for you. The amount and type of information that we gather depends on the nature of the interaction. For example, we may ask you to make deposit payment which means we can see basic information related to your bank account from which the deposit was made. We do not collect or store this information.

We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them on our website.

Cookies Policy

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. This website uses cookies to give you the best experience. The Cookie Policy Plugin on our web site is set to block all the cookies until you approve them. We kindly ask you to approve the cookies since certain features of the website may not function properly without the aid of cookies. We do not collect any personal information via cookies. All information we receive is agregated.

So-called “first-party cookies” are cookies served by the entity operating the domain through which the cookie is served. Rentalosinj.com’s own cookies are therefore “first-party cookies.” In case I allow others to service cookies through my website, these cookies are so-called “third-party cookies.” In addition, there’s a difference between session cookies and permanent cookies. Session cookies only exist until you close your browser. Permanent cookies have a longer lifespan and aren’t automatically deleted when you close your browser.

This website uses first-party cookies which are simple session cookies only active while you are on the web site. It also uses third-party Google Analytics cookies for tracking visitors and aggregating information about the traffic to our websites. The Google Analytics privacy policy can be found here:  https://policies.google.com/privacy. All the information collected via Google Analytics is deleted after 26 months.

This website also uses sharing plugin which takes you to other websites (e.g. Facebook, Twitter and similar). These websites may use cookies which do collect personal information so please make sure to read their Cookies Policies as well.

Sharing Your Personal Information

We do not disclose potentially personally-identifying and personally-identifying information to anyone. We will never sell your personal data to anyone.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities to meet national security or law enforcement requirements.

If we are ever to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we will provide you with an opt-out choice to limit the use and disclosure of your personal data.

Your Right To Be Forgotten

If you have been using our services or you have contacted us via contact form and/or email, you can request to see or download the data we have about you. Typically the data will be your email address, name and surname. For paying customers, this will also include payment history.

You can also request “to be forgotten” and I will erase any personally identifiable data we have about you. Of course, this excludes data we need for administrative or security purposes or if we are required by law to retain some of the data.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his/her query to  info@medusa.hr. We will respond within a reasonable timeframe, not to exceed one week.

Data Breach Procedures

Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report such incident to any required data protection authority. We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.