Grandfather's Workshop

Pappo! The first community based shop for the Western Balkans!

Before you enter the marketplace, discover the story behind PappoShop and how we support entrepreneurs from vulnerable communities.

Read the story first
← Back to Home

Privacy Policy

Last updated: March 2026

1. Who We Are

PappoShop (accessible at pappo.org and papposhop.org) is a social enterprise marketplace operated by REDI North Macedonia, connecting Roma entrepreneurs across the Western Balkans with customers worldwide.

2. Information We Collect

Account information: Name, email address, and password when you create an account.

Order information: Name, email, phone number, shipping address, and payment details when you place an order.

Usage data: Pages visited, time spent, clicks, device type, browser, IP address, and referring URL through cookies and analytics tools.

Communications: Emails you send us and waitlist sign-ups.

3. How We Use Your Information

  • Process and fulfil your orders
  • Send order confirmation and shipping update emails
  • Improve our website and product offerings
  • Analyse traffic and usage patterns (Google Analytics, PostHog)
  • Display relevant advertising (Facebook Pixel, Google Ads)
  • Prevent fraud and ensure security
  • Comply with legal obligations

4. Cookies & Tracking

We use the following tracking technologies:

  • Google Analytics (GA4) — website traffic analysis
  • Google Ads — conversion tracking and remarketing
  • Meta (Facebook) Pixel — conversion tracking and ad optimisation
  • PostHog — product analytics and user behaviour
  • Sentry — error tracking and performance monitoring

You can manage your cookie preferences through the cookie consent banner or your browser settings. Declining cookies will disable non-essential tracking.

5. Sharing Your Information

We do not sell your personal information. We share data only with:

  • Payment processors (Stripe) to process payments securely
  • Email providers (Resend) to send transactional emails
  • Analytics providers (Google, Meta, PostHog) in anonymised/aggregated form
  • Hosting providers (Vercel, Supabase) as part of our infrastructure

6. Your Rights (GDPR)

If you are in the European Economic Area or Western Balkans, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time
  • Data portability
  • Object to processing

To exercise these rights, contact us at redimk@redi-ngo.eu.

7. Data Security

We use industry-standard security measures including HTTPS encryption, secure payment processing through Stripe, and access-controlled databases. However, no method of electronic transmission is 100% secure.

8. Data Retention

We retain order data for up to 5 years for legal and accounting purposes. Analytics data is retained according to each provider's policies. You can request deletion of your personal data at any time.

9. Contact

For privacy-related inquiries, contact:
REDI North Macedonia
Email: redimk@redi-ngo.eu