Shock Food & Cakes
Back to home

Privacy Policy

Last updated: 20 February 2026

1. Who we are

This Privacy Policy explains how Shock Food & Cakes ("we", "us", "our") collects and processes personal data of users of the mobile app and website shockbar.hr. We respect your privacy and process data in accordance with applicable regulations, including the General Data Protection Regulation (GDPR).

2. What data we process

Depending on how you use the service, we may process:

  • identification and contact details (e.g. name, email, phone number),
  • account and login data,
  • order data, selected items and payment information,
  • technical device and app data (e.g. error logs, app version),
  • support communications.

3. Why we process data

We process data in order to:

  • create and maintain your account,
  • receive and fulfil orders and process payments,
  • communicate order status and provide customer support,
  • ensure security and prevent misuse of our systems,
  • improve service quality and app functionality.

4. Legal basis

We process personal data where necessary:

  • to perform a contract or take steps at your request before entering into one,
  • to comply with our legal obligations,
  • for our legitimate interests (e.g. security, fraud prevention, service improvement),
  • based on your consent, where applicable.

5. Sharing data

We do not sell your data to third parties. We may share data with trusted processors who help us deliver the service (e.g. technical infrastructure, payment processing), only to the extent required for their function and with appropriate contractual safeguards.

6. Retention

We retain data for as long as necessary for the purposes it was collected, including legal, accounting and security obligations. After the applicable retention period, we delete or anonymise the data.

7. Your rights

Under applicable law you have the right to:

  • request access to your data,
  • request correction of inaccurate or incomplete data,
  • request erasure where conditions are met,
  • restrict or object to processing,
  • request data portability, where applicable,
  • withdraw consent at any time (for processing based on consent).

8. Data security

We apply reasonable technical and organisational security measures to reduce the risk of unauthorised access, loss or misuse of data. No system is entirely risk-free; we continuously monitor and improve our security practices.

9. Children's privacy

The service is not intended for children under 16. If we become aware that a child's personal data has been submitted without appropriate consent, we will take reasonable steps to remove it.

10. Changes to this policy

We may update this policy periodically to reflect legal or operational changes. The updated version will be published on this page with the date of last update.

11. Contact

For privacy and data protection enquiries, contact us at: podrska@shockbar.hr