Satori Acupuncture j.d.o.o. respects the privacy of its users and is committed to protecting personal data in accordance with applicable laws and regulations. Personal data is collected only when necessary (e.g., during product purchases) and is used solely for the purpose of fulfilling the order, communicating with the user, and pursuing the legitimate interests of the company.

---

CONTACT DETAILS OF THE DATA CONTROLLER

Satori Acupuncture j.d.o.o.
Draškovićeva 12, 10000 Zagreb
OIB: 63996062230
E‑mail: vesna@satoriacu.com
Web: www.satoriacu.com

Version: 3 July 2025

---

1. DATA CONTROLLER

Satori Acupuncture j.d.o.o. (hereinafter: “Satori” or “we”) processes personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Act on the Implementation of the GDPR, and other applicable regulations.

---

2. PURPOSES AND LEGAL BASIS OF PROCESSING

• Contract performance – provision of services, sale, and delivery of products

• Legal obligations – accounting and tax records

• Legitimate interest – service improvement, fraud prevention

• Consent – marketing communication (newsletter) and processing of special categories of data (health-related)

---

3. CATEGORIES OF DATA

• Identification and contact data

• Health data (with consent)

• Payment data (card token, IBAN – actual card numbers are processed exclusively within the CorvusPay system)

• Technical data (IP address, cookies, logs)

---

4. WEB SHOP AND PAYMENTS

Online payments are processed by CorvusPay. CorvusPay independently collects and processes card data in accordance with the PCI DSS Level 1 standard. Satori does not have access to card numbers. Data is transmitted via TLS encryption.

---

5. DATA RECIPIENTS

Data may be shared with:

• government authorities

• accounting services

• IT/hosting partners

• courier services

• payment service providers

…solely to the extent necessary for fulfilling the purpose.

---

6. STORAGE PERIOD

• Customer data is retained for 10 years

• Accounting documentation: 11 years

• Marketing consents: until revoked or 5 years after the last interaction

---

7. DATA SUBJECT RIGHTS

The data subject has the right to:

• access data

• rectification

• erasure

• restriction of processing

• data portability

• objection

• lodge a complaint with the Croatian Personal Data Protection Agency (AZOP)

Send requests to: vesna@satoriacu.com

---

8. PRIVACY POLICY AND RULES

Satori Acupuncture j.d.o.o. respects the privacy of its users and is committed to protecting personal data in accordance with applicable laws and regulations. Personal data is collected only when necessary (e.g., during product purchases) and is used solely for the purpose of fulfilling the order, communicating with the user, and pursuing the legitimate interests of the company.

---

9. DATA COLLECTION AND RETENTION POLICY

User data, including personal information, will not be shared with third parties unless legally required or necessary for service fulfillment (e.g., delivery, payment systems). Collected data is stored securely in accordance with technical and organizational security measures and is not retained longer than necessary for the purpose for which it was collected.

---

10. UPDATES

This Statement is subject to periodic updates. The updated version will always be published on the website www.satoriacu.com.