Privacy policy

Who we are



Company Ozon Media d.o.o. (hereinafter referred to as "Ozon Media", “we”, “our”) is pleased about your visit to the website as well as your interest in the company and its offers. We take the protection of your private data seriously and we want you to feel comfortable visiting our sites

Below we inform you about what data we store about you when using our website and how this data is used. If our website contains links that lead you to the website of another provider, our privacy policy is not applicable to the redirected website.

By accepting the following privacy policy you agree on the collection, processing and use of your personal data by Ozon Media under consideration of the data protection law / General Data Protection Regulation (GDPR) and the following terms and conditions.

Please take enough time to carefully read this note.



Controller is the subject that is responsible for the processing of your personal data and who is deciding over the purposes and means of the processing of your personal data. In this case the data controller is:

Ozon Media
Radnička cesta 47
10000 Zagreb
Phone: (+385) 01 7987 424


You can contact our data protection officer at

If you want to object to the collection, processing or use of your personal data by Ozon Media in accordance with the data protection law, you can send your objection via e-mail to the address stated above. This may result in the service no longer being usable.

With your objection, further use of the website may not be possible for technical reasons.


Your rights

You have the right to receive explicit information from Ozon Media about the personal data we have stored about you, free of charge.


In addition, you have the following rights:

▪          Right of access – The right to know what data was collected and how it is processed

▪          Right to rectification – The right to request the modification of personal data if it is not up to date

▪          Right to erasure – The right to request the deletion of personal data

▪          Right to restriction of processing – The right to limit processing of personal data

▪          Right to data portability – The right to transfer personal data in a machine-readable format

▪          Right to object – The right to withdraw from given consent or object to the processing of personal data

▪          Right to lodge a complaint to the supervisory authority – The right to submit a complaint against Ozon Media at a supervisory authority, which can be either the responsible authority of Ozon Media as named below or any other supervisory authority within the EU.


The responsible supervisory authority for Ozon Media is:

Agencija za zašitu osobnih podataka (AZOP)

Martićeva 14

HR - 10 000 Zagreb



You can also send your complaint to the supervisory authority in your habitual residence or place of work.

If you would like to exercise your rights as a data subject, please do not hesitate to contact us under the contact information provided above.


When, why and how we collect your data

We also have to collect, process, store and sometimes even share different personal data in order to be able to offer you our services and provide services. Below you can see which of your data we need for which purposes and under which circumstances we share your data with others.

Personal data is information from which we can directly or indirectly relate to your person, such as first and last name, address, phone number, date of birth, location data or e-mail address.


Please give us just the information that we absolutely need.

Since we want to give you a good overview of the details, we use the table form. We think this will enable us to provide you with the information in a transparent, understandable and easily accessible form in a clear and simple language.


Below we would like to show you which of your data we collect. Since there are different types of data, we have grouped them into data categories as we believe that the information is so more understandable.


Personal data we collect when visiting our website

When you open our website to get inspiration for your next order but do not register or order as a guest we collect the following personal data:


Categories of data


Device information

Device-ID, operating system and corresponding version or other device identifiers

Connection data

Time, date and duration of website use, origin, corresponding IP address and other protocol data


This information is collected to show you the visited website. We also limit ourselves to what is absolutely necessary to ensure that we comply with a principle of data processing, namely data minimisation.


Personal data we collect when visiting our website and registring

As you could see above, we follow the minimum principle. The less information, the better. All data collected is strictly bound to clearly defined purposes. If you not only visit the website but also want to log in to see for example your old orders, we collect the following personal data:


Categories of data


Access data

Username, User-ID, Password

Device information

Device-ID, operating system and corresponding version or other device identifiers

Connection data

Time, date and duration of website use, origin, corresponding IP address and other protocol data

Communication data       

Comments, ratings or feedback, communication data (e.g. e-mail communication)

Other information

Data that you provide us voluntarily while using the website, app or related activities, but also from other sources such as social media or other (public) databases (e.g. User-ID of other platforms)


If you provide us with personal data of another person, you must obtain that person's prior consent. In this case, you must inform these persons about how we process personal data in accordance with our privacy policy.


Personal data we collect when visiting our website, registring and ordering

To take advantage of all the benefits we offer, you can also log in and place your order. As you can imagine, more data will be collected according to the information you provide. The fields required for order processing are marked as mandatory. Without this information we cannot process your orders. All other information not shown as mandatory fields is optional. If you voluntarily provide us with this information, you will help us improve our service to you. However, omitting this information has no detrimental effect on you. The extent depends on the information you provide. But the basic information is as follows:


Categories of data


Access data

Username, User-ID, Password

Account information (necessary for delivery services)

First name, last name, company (optional), address, phone number and/or e-mail address

Communication data       

Comments, ratings or feedback, communication data (e.g. e-mail communication)

Connection data

Time, date and duration of website use, origin, corresponding IP address and other protocol data

Device information

Device-ID, operating system and corresponding version or other device identifiers, geolocation data

Order information

Order history

Other information

Data that you provide us voluntarily while using the website, app or related activities


What the defined purposes and what the legal bases are

As we have already informed you above, we only collect your personal data when it is necessary and the purpose is lawful and previously defined. The information in (brackets) is the legal basis on which we base the respective processes. Below we would like to give you more information for the purposes and legal basis:


What the purpose is

Why we process data for this purpose

Customer support

When you contact our Customer Service to obtain information or to complain, we store the information you provide to us. For example, the reason for contacting us, which order you did not like or on which delivery something was missing. Depending on the reason of the contact, the personal data may vary. As we want to improve our service for you, we store the communication in your account. This way we can answer your questions faster and more satisfying.


Categories of personal data:

Account information
Access data
Communication data
Other information


Legal basis:
This information is required to fulfill our order obligations and to deliver the food to you (contract fulfillment).

But it is also in our business interest to give you the best takeaway experience (legitimate interest).

Ordering and delivery process

After you have placed your order, some processes are running in the background. We assign your order to your account depending on whether you are a registered customer or a guest. We send your order to the respective restaurant and check whether the order has been delivered to you.


Categories of personal data:
Access Data
Account Information
Connection Data
Communication Data
Device Information    
Order Information
Other Information


Legal basis:

In order to deliver your order and to notify our partner restaurants we need your personal data (fulfilment of contract).

Security and protection

We want to offer you and all our customers the best service. Unfortunately, not every visitor to our website is as friendly as you. For this reason, in order to protect our services, we must collect personal data that helps us identify potential attackers and thereby avert risks. We also save that we have informed you about the privacy policy. To this end, we note in your account that you have received the corresponding information and that the privacy policy has been made available to you.


Categories of personal data:

Connection data
Access Data


Legal basis:

We are legally obliged to protect your data appropriately (compliance with legal obligation) and the protection of our company is in our interest (legitimate interest).


Further processing based on our legitimate interest

In addition to the purposes and legal bases mentioned above, we also process your personal data out of so-called legitimate interest. A mainly legitimate interest is for example the processing of personal data within a group of companies, processes for network and information security or in direct marketing activities.

We use your personal data to pursue our legitimate interests, provided your rights and freedoms do not prevail. In order to reconcile our interests with your rights, we have introduced appropriate control mechanisms. The processes described below have been subjected to a four-way test to ensure that your rights and freedoms are not affected by our processing. As part of the 4-way test, we first check whether the data collected is (a. Personal Data Test) personal data. Then we test whether the purpose is legitimate (b. (Purpose Test) and the personal data to be collected comply with the principles of data processing (c Necessity Test) and finally a balance of interests (d. Balancing Test). Only if we can reasonably assume and also ensure that we can protect your data from any risks, we will process them on the legal basis of legitimate interest. These processes include:


Process based on legitimate interest



We will email you to offer you coupons, discounts and promotions, conduct opinion polls and surveys to improve our service. You can object to the further processing of the data for advertising purposes with every e-mail. Of course, you can also contact our data protection officer directly at if you wish to object to the processing of your data for advertising purposes or for further information on this question.


E-Mail Marketing

We want to prevent generic newsletters and uncontrolled marketing measures. Therefore, we select the deals that suit your interests and contact you if we believe the information might appeal to you. You can object to the further processing of the data for advertising purposes with every e-mail. Of course, you can also contact our data protection officer directly at if you wish to object to the processing of your data for advertising purposes or for further information on this question.


Measurement Data

In order to improve our services we will collect different measurement data, which we cannot assign to you or to a profile. This helps us to optimize our advertisements.


Merger & acquisition, change of ownership

We would also like to inform you that in the event of a merger with or acquisition by another company, we will disclose information to that company. Of course, we will require the company to comply with the legal data protection regulations.


Other information

If you voluntarily decide to share information with us that goes beyond the mandatory information, we are of course happy. In this way, we can continue to improve our service. This is data that you provide voluntarily when you use our website, our apps, but also information from other sources such as social media or other (public) databases (e.g. User-ID of other platforms).


Quality Assessment                                    

To offer you continuously better services, we regularly evaluate the success or potential causes of unsuccessful marketing measures. For this we analyze for example whether our newsletters are opened and the contents are also clicked.


When we delete your data

We generally delete your data after the purpose has been fulfilled. The exact deletion rules are defined in our regional deletion concepts. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned rule deletion periods to them. The data collected is marked with a deletion rule. When the retention period is met, the stored data will be deleted accordingly.


We will delete your personal data either if you wish and let us know or three years after we collect your data. If your account is inactive for three years, we will also delete your account. Before this happens you will receive a separate notification from us to the e-mail address registered in your user account.


In addition to the deletion rules defined by us, there are other legal retention periods which we must also observe. For example, tax data must be kept for a period of between six and ten years or even longer in some cases. These special retention periods vary according to local legal requirements.


Therefore, despite your request for deletion of your data, we may still have to store some of the stored data due to legal regulations. In this case, however, we will restrict data from further processing.


Who we share your data with

In the following section we would like to inform you to whom and under which conditions we will transfer your data. Furthermore, we would also like to be transparent with regard to the countries to which we transfer your data.


Which third parties have access to personal data

We never give your data to unauthorized third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forwarding personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.


In the following we would like to inform you in a transparent and understandable way about all our data recipients with the respective reasons:


Data recipient


External service provider

As we have already indicated to you above, we do not only communicate within our group members but also to external service providers. They support our business operations in evaluating and optimizing our marketing campaigns, but also in providing personalized advertising,providing IT solutions and infrastructure or the security of our business operations, such as identifying and resolving malfunctions.


Members of the Delivery Hero AG Group

Within a group it is sometimes necessary to use resources effectively. In this context, we support each other within our Group in optimizing our processes. Since even the knowledge of personal data represents data processing, we would like to inform you fairly that selected employees of other group members may also have limited access to customer data.

In addition, we provide joint content and services. This includes, for example, the technical support of systems.

You will not receive unrequested newsletters or other marketing information from other members of the group.


Prosecuting authorities and legal proceedings

Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases we are not only obliged to hand over personal data due to legal obligations, it is of course also in our interest to prevent damage and to enforce our claims and to reject unjustified claims.



Which countries we transfer your data to

We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are based outside the EU and the EEA.

The GDPR has high requirements for the transfer of personal data to third countries. All our data receivers have to measure up to these requirements. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be shortlisted for service providers.


Regardless of whether our service providers are located within the EU/EEA or in third countries, each service provider must sign a data processing agreement with us. Service providers outside the EU/EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to service providers that meet at least one of the following requirements:


  • Commission has decided that the third country ensures an adequate level of protection (e.g. Israel and Canada)
  • Standard data protection clauses adopted:

These are contractual clauses which cannot be modified by the contracting parties and in which they undertake to ensure an adequate level of data protection


  • Approved certification mechanism:


Under international agreements, companies can be certified according to defined criteria. One of these certifications is the EU-US Privacy Shield Agreement.

On the following link you can see certified companies:


We will only transfer your data to service providers who meet at least one of these requirements. If we transfer data to third countries, these are mainly companies based in the USA or Israel.


Information about our cookies

Definition of cookies and what cookies we use

In order to make the visit of our website/app attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website/app.


What categories of cookies do exist?

Strictly necessary cookies are needed so that you can move around a website/app and use its features. Without these cookies, functionality cannot be guaranteed, such as actions taken during a visit (e.g. text entry), even when navigating between pages on the site.

Functionality cookies allow a website/app to save information already provided (such as user name, language selection, or the location you are in) and improve the user's ability to offer personal features. These cookies collect anonymised information and cannot track your movements on other websites.

Performance cookies collect information about the use of a website/app - for example, which pages a visitor visits most often and whether he receives error messages from a page. These cookies do not store information that allows identification of the user. The collected information is aggregated and anonymous. These cookies are used exclusively to improve the performance of a website/app and thus the user experience.

Cookies for marketing purposes are used to play more targeted advertising relevant to the user and adapted to his interests. They are also used to limit the frequency of an ad and measure the effectiveness of advertising campaigns. They register whether you have visited a website/app or not. This information may be shared with third parties (e.g. Advertisers). To improve targeting and advertising cookies are often linked to third party site functionalities.


Objection to the use of cookies

If you do not want Delivery Hero to collect and analyse information about your visit, you can object to this at any time for the future (opt-out). If you want to object, please contact us under the contact information mentioned above.


For technical implementation of this contradiction, an opt-out cookie will be set in your browser. This cookie is solely for the purpose of mapping your opposition. Please note that for technical reasons an opt-out cookie can only be used for the browser from which it was set. If you delete cookies or use a different browser or device, you will need to re-opt-out.



Cookies we use from third parties

Google AdWords

As an AdWords customer, we use Google conversion tracking. This is an analysis service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). If you access our website via a Google ad, Google Adwords will set a cookie on your device ("conversion cookie" - performance cookie). This cookie will expire after 30 days. It is not for personal identification. If the cookie has not expired when visiting certain pages, we and Google can recognize that someone clicked on the ad and was redirected to our site. Each advertiser receives a different cookie. Therefore Cookies cannot be tracked through the websites of advertisers. The information gathered through the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that could personally identify users. If you do not want to participate in the tracking process, you can also opt-out of setting a cookie - for example, through your browser setting, which generally disables automatic cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "".


Google Analytics

We work with Google Analytics. This is a web analysis service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). The information generated by the Google Analytics cookie about your use of our website is usually transmitted to and stored by Google on a server in the USA. IP anonymisation has been activated on our websites, so that the IP address of the users of Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened beforehand. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on our behalf to evaluate your use of the website to compile reports on website activity and to provide us with other services related to website usage and internet usage. The IP address provided to Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by a corresponding setting in your browser software; however, we point out that in this case you may not be able to use all functions of this website to the full extent.

You may also prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by installing the browser plug-in available at the following link : .



Bing ads

We use conversion tracking from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; Microsoft). When you reach our website through a Bing ad, Microsoft Bing Ads sets a cookie on your device. This will allow Microsoft Bing and us to recognize that someone clicked on an ad and was redirected to our website. We only see the total number of users who clicked on a Bing ad and were redirected. Personal information about the identity of the user will not be provided. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example via your browser setting, which generally deactivates the automatic setting of cookies.


Criteo und Mediaplex

On our web pages the technologies of the providers Criteo SA (32 Rue Blanche, 75009 Paris, France; “Criteo”) and Conversant Inc. (30699 Russell Ranch Road #250, Westlake Village, CA 91362, USA; “Conversant”)

collect and store information about the surfing behavior of the website visitors for marketing purposes in anonymized form. This data is stored on your computer using so-called "cookie" text files. Using algorithms, Criteo and Conversant analyse the surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). In no case can this data be used to personally identify the visitor to this website.


The collected data will only be used to improve the offer. There is no other use or disclosure to third parties. You can opt-out of the completely anonymous analysis of your surfing behavior by following this link for Criteo for hosting and for Conversant at click.


For more information about Criteo technology, see the Criteo Privacy Policy ( privacy policy) and Conversant at


Facebook retargeting

We use the Website Custom Audiences Retargeting Tool of Facebook Inc. (1601 S. California Ave., Palo Alto, CA 94304, USA; “Facebook”). In the event that you have a Facebook user account and this is identifiable to the tool based on existing Facebook cookies, this tool will generate a non-personal checksum, which will be transmitted to Facebook for analysis and marketing purposes. On the other hand, we encrypt your email address and send it in encrypted form to Facebook. Through the recognition of cookies and the transmission of encrypted information, Facebook can provide you with targeted product recommendations as personalized advertising banners on Facebook.

You may object to the use of Facebook Website Custom Audiences at



This website uses the web analysis service of Hotjar Ltd. (St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta; “Hotjar”) It randomly records selected communications between the individual visitors and the website anonymously. In this way, a protocol is created, which, for example, contains movements of the cursor and the clicks triggered on the website. The aim of the protocol is to identify ways to improve the respective website. In order to ensure the exclusion of a direct personal relevance, there is an anonymous storage and processing of the IP addresses used. In addition, there is a statistical analysis of the data on the operating system, browser, incoming and outgoing links, geographical origin and resolution and type of device.

If you do not want a recording, you can disable it by enabling a DoNotTrack header in your browser. See for more information.



We use the services of The ADEX GmbH (Torstraße 19, 10119 Berlin, Germany; “ADEX”). ADEX offers so-called "targeting" technologies, in which ADEX evaluates certain user behavior on the websites in order to optimize advertising for the user on the basis of individual usage interests. Cookies, web beacons or similar technologies are used. The collected usage data are stored under a pseudonym. This pseudonym is associated with information about user activity on our websites, services, applications and tools (e.g., clicked banner ads, visited subpages, queries made, etc.). A personal identification of the user is excluded. The IP address of your device transmitted for technical reasons is completely anonymised and not used for the controlled display of advertising. For more information about privacy at ADEX, please visit: .

Insofar as the user no longer receives usage-based advertisements and wishes to prevent the further collection of usage data, he may use the following opt-out link:


Right of modification

We reserve the right to change this data protection declaration in compliance with the statutory provisions. We will of course inform you of any significant changes, such as changes of purpose or new purposes of processing.


Final advice

The protection of your personal data is very important to us. We will take appropriate technical and organizational measures to protect your data. But please remember that You are the owner of your data. The less information you provide, the more control you have. For example, if you want to surf anonymously and do not want your surfing behavior to be analyzed independently of us and our service providers, you should make the appropriate settings in your browser. As long as you do not make the settings, many providers will collect the information you provide. Only in rare cases a personal reference can be created, nevertheless you could surf for example in "Incognito mode" with Google Chrome or in "Private mode" with Firefox.


Contact details of Data Protection Officer are: Željka Rudan, Radnička cesta 47, Zagreb, phone: 01 7987 424, e-mail: - web and mobile service

Web and mobile service is a fun and easy way to order food online from restaurants and caterers in Zagreb, Rijeka, Split and Velika Gorica (Croatia). There are always updated menus, wide selection of dishes, user reviews and recommendations - everything at one place!

Bon appetit!

How it works

Don't worry, you don't have to be an expert to make an order. is very simple to use, just follow these step-by-step instructions and start ordering!

Restaurant's options

Anyone holding a restaurant or catering service in Zagreb, Rijeka, Split and Velika Gorica with food delivery is welcome to join to All you need are computer and internet connection at the venue... more


Dear ,
Pauza has a new interface which will enable you easier browsing through the restaurants which deliver to your address. In order to make your user experience the best it can be, please update your delivery information.
Pauza wishes you bon appetit!