Privacy policy

Privacy Policy

1) Introduction and Contact Details of the Data Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data includes all data that can be used to identify you personally.

1.2

The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Wilhelm-Canaris-Str.26 ,46485, Wesel, DE
Email: support@sienamoncello.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you use our website for informational purposes only (i.e., without registering or transmitting information in another way), we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • Our visited website

  • Date and time of access

  • Amount of data sent in bytes

  • Source/referrer from which you came to the page

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. Data is not shared or used otherwise. However, we reserve the right to check server log files retrospectively if there are concrete indications of unlawful use.

2.2 SSL/TLS Encryption

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” and the lock symbol in your browser address bar.

3) Hosting & Content Delivery Network

Shopify

We use the system of the following provider for hosting our website and presenting the content:

Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transferred to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, ensuring the protection of data and prohibiting unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by a European Commission adequacy decision.

4) Cookies

To make your visit to our website attractive and enable the use of certain functions, we use cookies – small text files stored on your device. Some cookies are deleted after you close your browser (so-called “session cookies”), others remain on your device and allow us to recognize your browser (so-called “persistent cookies”).

If personal data is also processed via these cookies, processing is based on Art. 6 (1) lit. b GDPR (for contract fulfillment), Art. 6 (1) lit. a GDPR (if consent is given), or Art. 6 (1) lit. f GDPR (for our legitimate interest in the best possible functionality and user-friendly design of our website).

You can configure your browser to inform you about cookie settings and decide individually on their acceptance or exclude cookies for specific cases or in general.

Please note that disabling cookies may limit the functionality of our website.

5) Contacting Us

When you contact us (e.g., via contact form or email), your personal data is collected only to the extent necessary to process and respond to your inquiry.

The legal basis for this data processing is our legitimate interest in responding to your request per Art. 6 (1) lit. f GDPR. If your inquiry aims to enter into a contract, the legal basis is also Art. 6 (1) lit. b GDPR.

Your data will be deleted once your request has been conclusively resolved and no statutory retention obligations exist.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data is collected and processed when you open a customer account, to the extent necessary for account creation. The required data is shown in the input form.

You can delete your customer account at any time by sending a message to the data controller listed above. Your data will then be deleted unless all contracts are fulfilled, no legal retention periods apply, and we have no legitimate interest in further storage.

7) Use of Customer Data for Direct Marketing

Email Newsletter Sign-up

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information is your email address. Any additional data is voluntary and used to personalize emails.

We use the so-called double opt-in procedure to ensure that you receive newsletters only after confirming your registration via a verification link sent to your email.

With this confirmation, you consent to the use of your data under Art. 6 (1) lit. a GDPR. We store your IP address and registration time to trace possible misuse.

You can unsubscribe at any time via the link in the newsletter or by contacting us. After unsubscribing, your email will be deleted unless you have consented to further use.

8) Data Processing for Order Handling

8.1

For fulfillment purposes (delivery and payment), we share your data per Art. 6 (1) lit. b GDPR with shipping partners and financial institutions as necessary.

If we owe you updates for goods with digital elements or digital products, we use your contact data strictly for legal notification duties per Art. 6 (1) lit. c GDPR.

We also work with service providers for contract processing, who may receive personal data as needed.

8.2

For shipping, we cooperate with external logistics partners. Your name, address, and – if required – phone number are shared exclusively for delivery purposes per Art. 6 (1) lit. b GDPR.

8.3 Payment Service Providers

If you choose a payment method from one of our partners during the ordering process, the payment data collected will be passed to the respective provider. The transfer is made in accordance with Art. 6 (1) lit. b GDPR and only to the extent necessary for payment processing.

We currently work with the following providers:

  • Shopify Payments

  • PayPal

  • Klarna

  • Apple Pay

  • Google Pay

  • Amazon Pay

  • SOFORT

Please note the respective privacy policies of these providers for further details on data processing.

9) Use of Rating and Review Tools

If you leave a review or rating on our website, we collect and publish the data you enter voluntarily, such as:

  • Name or nickname

  • Rating

  • Review content

The legal basis for processing is your consent under Art. 6 (1) lit. a GDPR. You may revoke this consent at any time.

10) Use of Social Media: Videos

Use of YouTube Videos

We use the YouTube embedding function to display videos from the provider “YouTube”, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The extended data protection mode is activated, which according to the provider, only starts data processing when the video is played. When you play embedded videos, YouTube may use cookies to gather information about user behavior. These cookies are used, among other things, to record video statistics, improve user-friendliness, and prevent abusive behavior.

If you're logged into your Google account, your data may be directly associated with your personal profile. You can prevent this by logging out before using the video content.

For data transfers to the U.S., Google relies on the EU-U.S. Data Privacy Framework.
Further information: https://policies.google.com/privacy

11) Online Marketing

Use of Google Tag Manager

This website uses Google Tag Manager, a tag management system operated by Google Ireland Limited. The Tag Manager itself does not process personal data but facilitates the integration of tracking tools like Google Analytics, Meta Pixel, etc.

More information: https://marketingplatform.google.com/about/tag-manager/

12) Web Analytics Services

Meta Pixel (Facebook Pixel)

We use the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. It enables tracking of visitor behavior after viewing or clicking on a Facebook or Instagram ad.

The data collected is anonymous to us but may be stored and processed by Meta for its own advertising purposes under Meta’s Data Use Policy.

Use of this service is based on your explicit consent per Art. 6 (1) lit. a GDPR.
You can withdraw your consent at any time.

Meta relies on the EU-U.S. Data Privacy Framework for data transfers to the U.S.

More information: https://www.facebook.com/about/privacy/

TikTok Pixel

We use the TikTok Pixel by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. It helps us analyze website visitor actions and measure advertising effectiveness on TikTok.

Processing is based on your consent per Art. 6 (1) lit. a GDPR. You can revoke this at any time with future effect.

TikTok transfers data to TikTok Inc. (USA) under standard contractual clauses and other legal safeguards.

More information: https://www.tiktok.com/legal/privacy-policy-eea

13) Tools and Miscellaneous

Cookie Consent Tool

To manage user consents, we use a cookie consent tool that stores consents and, if applicable, their withdrawal. The legal basis is our legal obligation under Art. 6 (1) lit. c GDPR.

WhatsApp Communication

If you contact us via WhatsApp, we use your phone number and name (if available) to respond to your request. This communication is subject to the WhatsApp Business Terms and Meta’s Privacy Policy.

Meta Platforms, Inc. may process metadata in the USA under the EU-U.S. Data Privacy Framework.

Currency Conversion Tool

This website uses a currency converter to display prices in your local currency. The tool may use your IP address for geolocation purposes.

Processing is based on our legitimate interest in offering a better shopping experience per Art. 6 (1) lit. f GDPR.

Data Transfers Outside the EU

When transferring personal data to third countries (outside the EU/EEA), we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses

  • Adequacy decisions by the European Commission (e.g., for Canada, the U.S.)

California Privacy Rights (CCPA)

If you are a California resident, you have the right to request information about the collection and use of your personal data, and to opt out of the sale of such information.

We do not sell your data for profit, but may share limited data with advertising partners (e.g., Meta, Google). You may opt out via our [Do Not Sell My Personal Information] page.