Privacy Policy

Privacy notice

The purpose of this notice is to inform You about how we process Your personal data when You communicate with us or use our services, in accordance with the Regulation 2016/679 of European Parliament and the Council (hereinafter: General Data Protection Regulation).
Company Bocak d.o.o. is a data processor for the personal information we process (unless otherwise stated), with the following information:

Headquarter address:
Fan & Fan Shop
Zagrebačka avenija 104, 10000 Zagreb,
Tel.: +38514814593

Data protection officer:
Tel.: +38514814593
E-mail address:

The information You provide

Most of the personal information we process we obtain directly from You due to one of the following:
  • You’ve subscribed to our newsletter
  • You’ve bought our product
  • You’ve ordered our product
  • On a contractual basis
  • You’ve contacted us for business cooperation
  • You’ve sent an inquiry or complaint
  • You want to attend our event
  • You use our services at
    • You are searching for products or services
    • You order products or services of Fan & Fan Shop, Bocak d.o.o.
    • You are downloading our content or browsing our website
    • You provided personal and contact information on Your profile after the registration
    • You are using a wish list
    • You are ordering a product to another person’s address
    • You are reviewing products

As a result, you provide information such as Your name, surname, address, delivery address and phone number, payment information, location, and e-mail contents You’ve sent to us.

Automatically processed data
We automatically receive and process certain data types when you use our website via cookies and other unique identifiers and receive certain types of data when your web browser accesses

Examples of data we collect and analyze include:
  • the Internet Protocol (IP) address used to connect the computer to the Internet;
  • username, email address, password;
  • the location of your device or computer;
  • information on the interaction of content, such as content downloads, streams, including the duration and number of simultaneous streams and downloads, and network details on the quality of streaming and downloads, including information on the Internet service provider;
  • device information such as device usage, application usage, connection data, and any errors or malfunctions;
  • history of purchasing and using content, which is sometimes collected with similar information from other clients to create features such as Best Seller books;
  • Uniform Resource Locators (URL) traffic data:
  • when you arrive at our website via the link,
  • when you click on a link on our website (whether you stay on our website or go further) including the date and time;
  • number of cookies;
  • products and/or content that you have viewed or searched, page response times, download errors, duration of visits to specific pages, information about the interaction of the page (such as scrolling, clicks and mice),
  • we may also use device identifiers, cookies and other technologies on devices, applications and our websites to collect browsing, use or other technical information for the purpose of fraud prevention.

Information acquired from other sources

Examples of information from other sources include:
  • updated delivery address information from our delivery workers, which we use to correct stored delivery information to facilitate the delivery of Your next purchase;
  • Your delivery information obtained from the Customer during gift purchasing;
  • Our employees provide Your contact information to be used as an emergency contact.

Data subject rights

In case we are processing Your information, You reserve the following rights at all times:
  • The right to access the information;
  • The right to be informed of personal data processing;
  • The right to data portability;
  • The right to restrict processing;
  • The right to object;
  • The right to rectification and change of personal data in case the data is inaccurate or incomplete;
  • The right to erasure (also known as the right to be forgotten) in cases when the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, withdrawals of consent or objection to processing.

If you wish to exercise one of the above rights, please contact us:
By mail at Fan & Fun Shop, Zagrebačka avenija 104, 10000 Zagreb
By e-mail at

Sharing personal information
Information about our clients is an integral part of our business, and we shall not sell the personal data of our clients to others. We shall not share your information with third parties for direct marketing purposes. We use Data Executors who are third parties, and they provide us with elements of services. We have contracts with our Data Executors. That means they can’t do anything with personal information unless we have referred it. They shall not share your personal information with any organization other than us. They shall process them safely and only for a period when we allow them. Examples include package delivery, sending mail and email, removing duplicate data from customer lists, analyzing data, providing marketing assistance, transferring content, and providing customer service. These third-party service providers have access to the personal data necessary to perform their functions but may not use them for other purposes. Furthermore, they must process personal data following this Privacy notice and in accordance with applicable personal data protection regulations and laws. In some circumstances, we are legally required to share information. For example, according to a court order or where we cooperate with other European supervisory authorities in resolving complaints or investigations. We may also share information with other regulatory bodies to advance our or their objectives. In any case, we shall make sure we have a legitimate basis to share the information and document our decision-making. Transfer from the European Economic Area Whenever we transfer personal data outside the EU during the sharing of information as above, we shall ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable personal data protection laws and regulations. When you give us an email address (e.g. Gmail) that uses email servers outside the European Union as your contact information, we shall display the email's content outside the EU.

Links to other websites
The website may include third-party advertising and links to other websites. In the case of links to other websites and third-party advertising, we encourage you to read the privacy notices on other websites you visit. Targeted or personalized ads (interest-based ads) are based on user interests. Using targeted ads, we show ads for products and services that may be of interest to you. What information do we use to show interest-based ads? To offer you interest-based ads, we use information such as your interactions with the Bocak Ltd. website, content or services. When we display targeted ads, we do not associate the above information collected with your personal information such as your name, surname, email, and we shall not pass on your personal information to an advertiser or third party displaying the targeted ad. Advertisers may assume that users who click to interact with the targeted ad or content are part of the target group (for example, users in a specific geographic area or users who have purchased classical music). Some third parties may provide us with information about you (such as demographic information or sites where your ads have been displayed) through which we may provide you with more relevant and useful advertising. As is common in the advertising industry, we use cookies, pixels, and other technologies (collectively “cookies”) that allow us to understand the performance of the targeted ads we display to you, by measuring ads that are clicked or viewed, and to provide you with more useful and relevant ads. For example, if we know which ads are showing in your browser, we may be careful not to show the same ads more than once. Advertisers who are third parties or advertising companies working on their behalf sometimes use cookies in the process of delivering content, including ads, directly to your browser or device, and may automatically receive an IP address when this happens. They may also use cookies to measure the effectiveness of their ads and to display more relevant advertising content. For information on how to control and delete cookies (including third-party cookies), and information on third-party cookies that may set cookies, please see our cookie notice.

How do we work with third parties to show you interest-based ads?
We work with third parties, such as advertisers, publishers, social media, ad serving companies, and advertising companies, to work on their behalf to improve the relevance of the ads we display. In providing targeted third-party ads, we share your interests with a third party but do not associate them with identifiable information, and we do not provide any information that reveals your identity to advertisers displaying targeted ads.

Website visitors

When you visit, we use third-party service, Google Analytics, to collect standard Internet records and details of visitors’ behavioural patterns. We do this to learn the number of visitors in different website sections. This information is being processed in a way that prevents identification. We do not attempt nor allow Google to make any attempts to identify our website visitors.

To find out more about cookies, click on the link.
Processing purpose and legal basis
The purpose of the above-mentioned processing is to help us maintain and track our website performance and to continuously improve our site and services we provide to our customers.
What are your rights?
Considering we process Your personal data for our legitimate interests, as stated above, you have the right to object to our processing. There is a good reason we may reject your objection, depending on why we are processing it.

Registered users
We process Your personal information obtained through Your registration (name, surname, e-mail address) according to our Privacy Notice. You can add you phone number and address to Your profile. You are not required to provide your phone number, but keep in mind that in case of purchasing, e-mail communication may not allow for timely interaction, and may result in the delay of Your delivery. Furthermore, You are not required to provide Your address; however, if You don’t enter Your address, You will not be able to purchase products from our webshop.
You are not required to provide Your information, however, without registration, You will not be able to purchase from our webshop or add to the wish list.
When you add a product to Your wish list, products will be linked to Your user account. We keep Your wish list until you remove all items from the list or delete the user account, but no longer than 5 years after the last login into Your user account. You retain the right to unregister here at all times (add a delete button). However, when You delete a registration, You will not be able to purchase or create a wish list on our webshop. Your personal information obtained through registration will not be disclosed to any third parties, except in the case of an order, when we share Your information (name, surname, address and phone number) with the delivery service. Your personal information obtained through registration are stored until You delete the registration, but no longer than 5 years since the last login into Your user account.

Personal information obtained through Your order (name, last name, address, delivery address, INBAN) are processed according to our Privacy Notice and used to complete the order. You are not required to provide information, but in that case, You will not be able to complete the order. We will not disclose Your personal data provided during order to third parties, except when we share Your (name, last name, address and phone number) with the delivery service to deliver your product successfully. When you choose card payment, use CorvusPay on our web store - an advanced system for secure acceptance of payment cards via the Internet. CorvusPay ensures the complete confidentiality of your card data from the moment you enter it in the CorvusPay payment form. Payment information is forwarded encrypted from your web browser to the bank that issued your card. Our store never comes into contact with complete details about your payment card. Also, the data is inaccessible even to CorvusPay system employees. The isolated core independently transmits and manages sensitive data, keeping it completely secure. The form for entering payment data is provided with the SSL transport code of the highest reliability. All stored information is additionally protected by encryption, using a cryptographic device certified according to the FIPS 140-2 Level 3 standard. CorvusPay meets all requirements related to the security of online payments prescribed by leading card brands, i.e. it operates following the standard - PCI DSS Level 1 - the highest security standard of the payment card industry. When paying with cards included in the 3-D Secure program, your bank, in addition to the validity of the card itself, additionally confirms your identity using a token or password. Corvus Info considers all collected information to be a bank secret and treats it accordingly. The information is used exclusively for the purposes for which it is intended. Your sensitive data is completely secure, and state-of-the-art security mechanisms guarantee its privacy. Only the data necessary to perform the work in accordance with the prescribed demanding procedures for online payment are collected. The security controls and operating procedures applied to our infrastructure ensure the current reliability of the CorvusPay system. In addition, by maintaining strict access control, regular security monitoring and in-depth checks to prevent network vulnerabilities, and the planned implementation of information security provisions, they permanently preserve and improve the level of system security by protecting your card data.

Managing the contact information
We receive Your contact information when:
  • You call our number
  • You contact us via social media
  • You send an e-mail

Data processing in case of an inquiry or claims
In cases of inquiry or claims, the personal information we collect by phone, e-mail, social media, mail and contact form is used solely to process the complaint or inquiry and assess the quality of service provided.

By subscribing to our newsletter, You allow us to contact You by e-mail according to Your settings. We process Your e-mail information according to our Privacy notice and will not disclose it to third parties. The purpose of collecting Your e-mail is to send notifications about new products, promotions and discounts, recent blog posts and event announcements. You are not required to subscribe to our newsletter and have the option to unsubscribe at all times.