Confidentiality

Data Protection Declaration
Data Controller:
Harald Wester
Uracherstr. 3
50739 Cologne
Germany
Email: shop@steelmonks.fr

We attach great importance to the protection of your privacy and the confidentiality of your personal data. This declaration is intended to inform you in detail about the processing of your data when using our online shop.

1. ACCESS DATA AND HOSTING
You can visit our web pages without providing any personal information. Each time you visit our site, the web server automatically saves a server log file that documents the access (e.g. the name of the requested file, your IP address, the date and time of the access, the amount of data transmitted and the requesting provider). This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer in accordance with Art. 6 para. 1 lit. f GDPR. All access data is deleted no later than seven days after the end of your visit to the site.

2. Data Processing for the Execution of the Contract, Contact and Opening of a Customer Account
We collect personal data when you voluntarily provide us with this information as part of your order, when contacting us (e.g. via a contact form or email) or when opening a customer account. Mandatory fields are marked as such, as this data is essential for the execution of the contract or the processing of your contact and without it you cannot complete your order or open an account. This data is used for the execution of the contract and the processing of your requests in accordance with Art. 6 Para. 1 lit. b GDPR. After complete execution of the contract or deletion of your customer account, your data is restricted for further processing and deleted after expiry of the statutory retention periods, unless you have expressly consented to further use in accordance with Art. 6 Para. 1 lit. a GDPR. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option on this page or by using a function provided for this purpose in the customer account.

3. DATA PROCESSING FOR THE PURPOSE OF EXECUTION OF THE SHIPMENT
For the execution of the contract, we pass on your data to the shipping service provider required for the delivery of the ordered goods in accordance with Art. 6 para. 1 lit. b GDPR. If you have given your express consent during or after your order, we also pass on your telephone number to the selected shipping service provider in accordance with Art. 6 para. 1 lit. a GDPR to coordinate the delivery.

You can revoke your consent at any time by sending us a message or directly to the shipping service provider at the contact address below. After revocation, we delete your data, unless you have expressly consented to further use or we reserve the right to use your data beyond what is permitted by law and about which we inform you in this declaration.

United Parcel Service Deutschland S.à rl & Co. OHG
Görlitzer Strasse 1
41460 Neuss
Germany

DHL Package GmbH
Street 10
53113 Bonn
Germany

4. DATA PROCESSING FOR PAYMENT PROCESSING
For the processing of payments in our online shop, we cooperate with technical service providers, credit institutions and payment service providers.

4.1 DATA PROCESSING FOR TRANSACTION PROCESSING
Depending on the selected payment method, we transmit the data required for processing the payment transaction to our technical service providers, commissioned credit institutions or the selected payment service provider, to the extent necessary for processing the payment. This is in accordance with Art. 6 para. 1 lit. b GDPR. Please note that payment service providers may sometimes collect this data themselves, either on their own website or via technical integration into the ordering process. In this case, the privacy policy of the respective payment service provider applies. For questions about our payment processing partners, please refer to the contact option mentioned in this declaration.

4.2 DATA PROCESSING FOR FRAUD PREVENTION AND OPTIMIZATION OF OUR PAYMENT PROCESSES
We also transmit other data to our service providers, who use them, as processors, for fraud prevention and optimization of our payment processes (e.g. for invoicing, processing disputed payments and accounting support). This practice is in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, to safeguard our overriding legitimate interests in fraud prevention and efficient payment processing.

5. EMAIL ADVERTISING
5.1 EMAIL NEWSLETTER WITH REGISTRATION

If you subscribe to our newsletter, we use the data you have provided to us to send you our newsletter by e-mail on a regular basis, in accordance with your express consent as defined in Art. 6 para. 1 sentence 1 lit. a GDPR. You have the option to unsubscribe from the newsletter at any time, either by sending a message to the contact address given in this declaration or by using the unsubscribe link included in each newsletter. After unsubscribing, your e-mail address will be removed from our mailing list, unless you have expressly consented to further use of your data or we reserve the right to use your data for additional purposes that are permitted by law and explicitly mentioned in this declaration.

5.2 EMAIL NEWSLETTER WITHOUT REGISTRATION AND YOUR RIGHT OF OBJECTION
If we obtain your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to occasionally send you offers by email for products similar to those you have already purchased. This practice is based on Article 7, paragraph 3 of the Unfair Competition Act and is intended to safeguard our legitimate interests in commercial promotion. You can object to this use of your email address at any time, either by contacting the address given in this declaration or by using a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.

5.3 SENDING THE NEWSLETTER
We may entrust the sending of our newsletter to service providers acting on our behalf. If you have any questions about these providers and the terms of our cooperation with them, please contact our customer service via the contact option mentioned in this data protection declaration.

5.4 SENDING EVALUATION REQUESTS BY EMAIL
If you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR, during or after your order, we will use your email address to invite you to evaluate your purchase via our evaluation system. You can revoke this consent at any time by sending a message to the contact option specified in this declaration or via a link in the evaluation request email.

Rating requests may also be sent by our service provider Trusted Shops, which acts on our behalf. Trusted Shops uses service providers based in the USA, and an adequate level of data protection is maintained. For more information on the data protection practices of Trusted Shops, please refer to their privacy policy at [https://www.trustedshops.de/legal-and-data-protection/]. If you have any questions about Trusted Shops or other service providers, please do not hesitate to use the contact option provided in our data protection declaration.

6. COOKIES AND OTHER TECHNOLOGIES
To improve the user experience on our website and enable certain features, we use various technologies, including cookies. Cookies are small text files that are automatically stored on your device. Some cookies, called session cookies, are deleted at the end of your browsing session, i.e. when you close your browser. Others, called persistent cookies, remain on your device and allow us to recognize your browser on subsequent visits.

We use these technologies, which are essential for certain functions of the website (such as the shopping cart functionality), to collect and process information such as your IP address, the time of your visit, as well as data about your device and your use of the website. This use is justified by our overriding legitimate interests in optimizing our online offering in accordance with Art. 6 para. 1 lit. f GDPR.

We also use these technologies to comply with legal obligations (e.g. to confirm consent to the processing of your personal data) and for activities such as web analytics and online marketing. Further information on the data processing related to these technologies, including the respective legal bases, can be found in the following sections of this statement.

To manage cookie settings on your browser, please visit the following links: Microsoft Edge™ , Safari™ , Chrome™ , Firefox™ , Opera™ . If you have consented to the use of these technologies in accordance with Article 6(1)(a) of the GDPR, you can revoke your consent at any time by contacting our customer service via the contact option provided in this privacy statement.

7. USE OF COOKIES AND OTHER TECHNOLOGIES FOR WEB ANALYSIS AND ADVERTISING PURPOSES
Within the scope of your consent given in accordance with Article 6 (1) (a) GDPR, we use cookies and other technologies from third-party providers on our website. These technologies are used to analyse the use of our website and for advertising activities. The data collected via these technologies are deleted once the specific purpose for their use has been achieved and we cease using the technology in question.

You have the possibility to revoke your consent to the use of these technologies at any time, with effect for the future. Detailed information on your revocation options can be found in the "Cookies and Other Technologies" section of this declaration. You can also obtain additional information, including on the basis of our cooperation with various providers, in the descriptions of the specific technologies used.

For any questions regarding suppliers and the basis of our collaboration with them, please do not hesitate to use the contact option mentioned in this privacy statement.

7.1 USE OF GOOGLE SERVICES
We use the services of Google Ireland Ltd., located at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information generated by Google technologies about your use of our website is generally transmitted to and stored on a Google LLC server in the USA. For data transfers to the USA, there is no adequacy decision by the European Commission, but we rely on the standard data protection clauses of the European Commission. IP anonymization is activated to reduce the IP address before it is stored on Google servers, with the exception of rare cases where the full IP address is sent and shortened by Google. Data processing is based on agreements between joint controllers in accordance with Art. 26 GDPR.

Google Analytics

To analyze our website, Google Analytics creates pseudonymous usage profiles from your data (IP address, time of visit, device and browser information, and website usage). Cookies may be used for this purpose. The data collected by Google Analytics is processed on the basis of an order processing agreement by Google.

We have enabled data sharing for "Google products and services" to optimize the marketing of our site. This allows Google to access the data processed by Google Analytics and use it to improve its services. This data exchange is based on an additional agreement between the controllers. We have no control over the further processing of data by Google.

Google Ads

The Google Remarketing cookie is used for targeted advertising in Google search results and on third-party websites. This cookie generates interest-based ads from collected data (IP address, time of visit, device and browser information, website usage) and a pseudonymous CookieID. If you have enabled "personalized advertising" in your Google account, Google may link your data with Google Analytics data for cross-device remarketing.

We also use Google Ads conversion tracking to analyze your usage behavior after clicking on a Google Ads ad. This tracking may use cookies to record data (IP address, time of visit, device and browser information, and website usage according to predefined events) and create profiles created using pseudonyms.

7.2 USE OF FACEBOOK SERVICES

Use of Facebook Pixel

We use the Facebook pixel of Facebook Ireland Ltd, located at 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). The Facebook pixel collects and stores data about your use of our website (IP address, time of visit, device and browser information, as well as actions on the website based on predefined events, such as visiting a website or subscribing to a newsletter) to create pseudonymous usage profiles. As part of the extended data matching, information such as names, email addresses and telephone numbers are collected in hashed form for the identification of individuals. A cookie is automatically set by the Facebook pixel when you visit our website, which allows Facebook to recognize your browser using a pseudonymous CookieID.

The data collected by Facebook technologies are generally transferred to and stored on a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, in the United States. In the absence of an adequacy decision by the European Commission for the United States, our cooperation is based on the standard data protection clauses of the European Commission. For more information on data processing by Facebook, please see their privacy policy.

Facebook Analytics

We use Facebook Analytics to obtain statistics on visitor activity on our website, based on data collected via the Facebook pixel. Data processing by Facebook Analytics is carried out within the framework of an order processing agreement by Facebook, aimed at optimizing the presentation and marketing of our website.

Facebook Ads

We use Facebook Ads to promote our site on Facebook and other platforms. Facebook manages the placement of the ads to the individual users, with us defining the campaign settings. Data processing within the framework of Facebook Ads is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR. The joint responsibility is limited to the collection of the data and its transmission to Facebook Ireland. Further processing of the data by Facebook Ireland is not covered by this responsibility.

We also use Facebook Custom Audience based on Facebook pixel statistics to target ads on Facebook based on target group characteristics. For extended data comparisons, Facebook acts as our processor.

Remarketing via the Facebook pixel is based on the pseudonymous cookie ID and the collected data about your usage behavior on our website, enabling personalized advertising via Facebook pixel remarketing.

With Facebook Pixel Conversions, we analyze your usage behavior after visiting our site via a Facebook Ads ad, for the purpose of measuring the effectiveness of the ads and tracking events. This data processing is based on an order processing agreement by Facebook.

8. INTEGRATION OF THE TRUSTED SHOPS TRUST BADGE
To present our Trusted Shops quality seal, the collected reviews, as well as to offer Trusted Shops products to buyers after an order, we integrate the Trusted Shops Trustbadge on our website.

This integration serves to safeguard our overriding legitimate interests in an optimal presentation of our offer and a secure purchase in accordance with Art. 6 para. 1 lit. f GDPR. The Trustbadge and the services promoted by it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, and are provided via a CDN (Content-Delivery-Network) provider. Trusted Shops GmbH also uses service providers based in the USA with an adequate level of data protection. You can find out more about data protection at Trusted Shops GmbH in their privacy policy .

When you access the Trustbadge, the web server saves a server log file, including your IP address, the date and time of access, the amount of data transmitted and the requesting provider (access data), and documents this access. This access data is stored in a security database for the analysis of security anomalies and is automatically deleted no later than 90 days after its creation.

If you choose to use Trusted Shops products after placing an order, or if you are already registered to use them, additional personal data is transmitted to Trusted Shops GmbH. The contractual agreement between you and Trusted Shops applies. An automatic collection of personal data from the order information is carried out. It is automatically checked whether you are already registered to use a product using a neutral parameter, the e-mail address hashed by a cryptographic function. This e-mail address is transformed into a hash value that cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is automatically deleted.

This procedure is necessary to fulfil our and Trusted Shops' overriding legitimate interests in providing buyer protection and transactional review services related to the specific order in accordance with Article 6(1)(f) GDPR. For further details, including how to object, please refer to the Trusted Shops privacy policy mentioned above and in the Trustbadge.

9. SOCIAL MEDIA

9.1 SOCIAL PLUGINS FROM FACEBOOK, INSTAGRAM, PINTEREST

Social buttons of social networks are used on our website. These are simply integrated into the page as HTML links, so that no connection is yet established with the servers of the respective provider when you visit our website. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. You can then, for example, click on the Like or Share button.

9.2 OUR ONLINE PRESENCE ON FACEBOOK, INSTAGRAM

If you have given your consent to the operator of the social network in accordance with Art. 6 (1) (a) GDPR, your data will be collected and stored automatically for market research and advertising purposes when you visit our online presences on Facebook or Instagram. Pseudonymous usage profiles are created from this data, which can be used to display internal and external advertising that matches your interests. Cookies are usually used for this purpose.

For more information on the processing and use of data by the operators of the social networks, as well as your rights and options for protecting your privacy, please consult the providers' privacy policies at the following links:

Facebook

Facebook is a service of Facebook Ireland Ltd, located at 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The data automatically collected by Facebook Ireland about your use of our online presence on Facebook is generally sent to and stored on a server of Facebook, Inc., located at 1601 Willow Road, Menlo Park, California 94025, USA. In the absence of an adequacy decision by the European Commission for data transfers to the USA, our cooperation with Facebook is based on standard data protection clauses of the European Commission. The processing of data when visiting a Facebook fan page is based on an agreement between joint controllers in accordance with Article 26 of the GDPR. For more information on Facebook's processing of Insights data, seetheir Insights Data Policy .

Instagram

Instagram , also a service of Facebook Ireland Ltd, operates in a similar manner. The information automatically collected by Facebook Ireland about your use of our online presence on Instagram is typically transferred to and stored on a Facebook, Inc. server in the United States. The same lack of adequacy decision by the European Commission for the United States applies, and our cooperation is also based on the European Commission's standard data protection clauses. The processing of data when visiting an Instagram fan page is carried out according to an agreement between joint controllers under Article 26 GDPR. Detailed information on Instagram's processing of Insights data can be found ontheir Insights data terms and conditions page .

10. CONTACT POSSIBILITIES AND YOUR RIGHTS
As a data subject, you have the following rights:

Right to Information: In accordance with Art. 15 of the GDPR, you have the right to request information about your personal data that we process, to the extent specified in this article.
Right of Rectification: In accordance with Art. 16 GDPR, you have the right to demand without delay the correction of incorrect personal data or the completion of your personal data stored with us.
Right to Erasure: In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored with us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
Right to Restriction of Processing: In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data in cases where the accuracy of the data is contested by you, the processing is unlawful, but you refuse their erasure and we no longer need the data, but you require them for the establishment, exercise or defense of legal claims, or you have lodged an objection against the processing in accordance with Art. 21 GDPR. Right to Data Portability
Data: In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request their transmission to another controller.
Right to Complain: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your habitual residence, place of work or our registered office.

For any questions regarding the collection, processing or use of your personal data, for requests for information, correction, blocking or deletion of data, as well as for the revocation of consents granted or for objection to a specific use of data, please contact us directly via the contact details provided in our legal notice.

Right to object: If we process personal data as described above in order to protect our overriding legitimate interests in a balancing of interests, you may object to this processing. If the processing is carried out for direct marketing purposes, you can exercise this right at any time. If the processing is carried out for other purposes, you have a right to object only on grounds relating to your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

This right to object does not apply if the data processing is carried out for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.