Privacy Policy

This Privacy Policy explains how Mali Galečić d.o.o. ("we", "us", "Data Controller") collects, uses, stores and protects your personal data when you visit https://www.mali-galecic.com, use our web shop (product catalogue, cart, orders), register a user account or contact us.

We act in accordance with the Law on Personal Data Protection of the Federation of BiH, the Law on E-Commerce of the Federation of BiH, the Law on Consumer Protection of the Federation of BiH and other applicable regulations.

Data controller: Mali Galečić d.o.o.

Address: Šuica b.b., 80240 Tomislavgrad, Bosna i Hercegovina, Federacija Bosne i Hercegovina, Bosna i Hercegovina

Email: info@mali-galecic.com

Phone: +387 63 343 723

Website: https://www.mali-galecic.com

Company ID (JIB): 4281024610008 | VAT: 281024610008 | Registration no.: 1-7715

For all questions regarding personal data protection you may contact us using the details above.

Depending on how you use the website, we may process:

• Identification and contact data: name, email, phone number, delivery address.
• Customer data: customer type (individual or company), company name, company ID (JIB), company address (for business customers).
• Account data: login email, password hash (passwords are never stored in plain text), user role, profile data for orders.
• Order data: cart items, products, quantities, dimensions and specifications, notes, promo codes, order status, order history.
• Communication content sent via contact forms or email.
• Technical data: IP address, browser type, operating system, language, access time, referrer URL (server logs).
• Cookie data – see our Cookie Policy.
• Browser local storage: cart contents under the key "mali-galecic-cart" – stored only on your device and not sent to our servers until you submit an order.

We process your data only for the following purposes:

• Providing information about sawmill services, sawn timber and wood products – legitimate interest.
• User registration and authentication via the better-auth system – contract performance and pre-contractual measures at your request.
• Processing and fulfilling orders via the web shop – pre-contractual measures and contract performance.
• Managing user profiles, promo codes and order history – contract performance and legitimate interest.
• Communication regarding orders, quotes or enquiries – pre-contractual measures, contract performance or legitimate interest.
• Responding to contact enquiries – pre-contractual measures or legitimate interest.
• Compliance with legal obligations (accounting, tax records, consumer protection) – legal obligation.
• Security and technical operation of the website and admin interface – legitimate interest.
• Website analytics – only with your explicit consent via the cookie banner, if such a service is introduced in the future.

We do not sell your data. We may share data only with:

• IT service providers (hosting, maintenance, email) acting as processors under contractual safeguards.
• Analytics providers (Google Analytics 4) – only if you have given cookie consent for analytics.
• Trusted delivery and transport partners – only to the extent necessary to deliver your order.
• Public authorities when required by law.

We do not transfer data to third countries outside Bosnia and Herzegovina without appropriate safeguards. If we introduce services involving such transfers in the future, we will inform you in advance and request consent where required.

We retain data only as long as necessary:

• Contact enquiries without an order: up to 3 years from the end of communication.
• User account and profile: while the account is active; after deletion, data is removed or anonymised within 30 days unless a longer retention period is required by law.
• Orders and contractual relationship: as required by accounting legislation – at least 5 years for accounting records.
• Server logs: up to 12 months.
• Cookie consent data: until withdrawal or cookie expiry.
• Cart data in localStorage (mali-galecic-cart): stored only on your device; deleted when you clear it or clear browser data.

Under applicable data protection law you have the right to:

• Information about processing.
• Access your personal data.
• Rectification of inaccurate data.
• Erasure where legal conditions are met.
• Restriction of processing.
• Object to processing based on legitimate interest.
• Withdraw consent at any time.
• Lodge a complaint with the supervisory authority.

Submit requests to info@mali-galecic.com. We will respond within 30 days of receipt.

You may lodge a complaint with Agencija za zaštitu ličnih podataka Bosne i Hercegovine (AZLP), Bana Milosavljevića 2, 78000 Banja Luka, email: office@azlp.ba, website: https://www.azlp.ba.

Please contact us first so we can try to resolve your request.

We apply appropriate technical and organisational measures to protect data, including HTTPS, better-auth authentication with password hashing, role-based access to the admin area and secure storage with trusted providers.

In the event of a security incident that may affect your data, we will notify you without undue delay as required by law.

The web shop and user accounts are not intended for persons under 18 without parental or legal guardian supervision. We do not knowingly collect data from minors. If you believe a minor has submitted an order or registered without supervision, please contact us so we can remove the data.

We may update this policy from time to time. The date of the last update is shown at the top of this page.

Mali Galečić d.o.o., Šuica b.b., 80240 Tomislavgrad, Bosna i Hercegovina, Bosna i Hercegovina

Email: info@mali-galecic.com

Phone: +387 63 343 723