Privacy policy

General Notice and Mandatory Information

Designation of the Responsible Body

The responsible body for data processing on this website is:

Steambow GmbH
Mag. Gerald Missbach
Baeckerstrasse 1
2433 Margarethen am Moos
Austria

The responsible body decides alone or jointly with others on the purposes and means of processing personal data (e.g., names, contact details, etc.).

Revocation of Your Consent to Data Processing

Only with your explicit consent are some operations of data processing possible. A revocation of your already given consent is possible at any time. For the revocation, an informal message by email is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to File Complaints with the Regulatory Authority

In the event of a breach of data protection law, the person affected has the right to file a complaint with the competent regulatory authority. The competent regulatory authority regarding data protection issues is the state data protection officer of the federal state in which our company is located. The following link provides a means to file a complaint online with the competent authority: https://www.dsb.gv.at/Eingabeformular-online/Eingabeformular-online.html.

Right to Data Portability

You have the right to have data, which we process based on your consent or in fulfillment of a contract, handed over to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent that it is technically feasible.

Right to Information, Correction, Blocking, Deletion

You have the right at any time within the framework of the applicable legal provisions to free information about your stored personal data, the origin of the data, its recipients, and the purpose of data processing and, if necessary, a right to correct, block, or delete this data. For this purpose, as well as further questions on the subject of personal data, you can always contact us via the contact options listed in the imprint.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, our website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" address line of your browser and by the lock symbol in your browser line.

Server Log Files

In server log files, the website provider automatically collects and stores information that your browser automatically transmits to us. These are:

- Visited page on our domain
- Date and time of the server request
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- IP address

This data is not combined with other data sources. The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which allows the processing of data to fulfill a contract or pre-contractual measures.

Data Transmission at the Conclusion of Contract for Online Shops, Retailers, and Goods Shipment

Personal data will only be transmitted to third parties if there is a necessity in the context of contract processing. Third parties may include payment service providers or logistics companies, for example. Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission.

The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which allows the processing of data to fulfill a contract or for pre-contractual measures.

Registration on This Website

You can register on our website to use certain features. The data transmitted is used exclusively for the purpose of using the respective offer or service. Mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

In case of important changes, such as for technical reasons, we will inform you by email. The email will be sent to the address provided during registration.

The processing of the data entered during registration is based on your consent (Art. 6 Para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal message by email is sufficient. The legality of the already completed data processing remains unaffected by the revocation.

We store the data collected during registration for the period you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.

Contact Form

Data transmitted via the contact form, including your contact details, are stored in order to process your inquiry or to be available for follow-up questions. Without your consent, this data will not be passed on.

The processing of the data entered into the contact form occurs exclusively based on your consent (Art. 6 Para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time.

For the revocation, an informal message by email is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to storage, or there is no longer any need to store the data. Mandatory statutory provisions - especially retention periods - remain unaffected.

Newsletter Data

To send our newsletter, we need an email address from you. Verification of the specified email address is necessary, and the receipt of the newsletter is to be agreed to. Additional data is not collected or is voluntary. The use of the data takes place exclusively for the dispatch of the newsletter.

The data provided in the newsletter registration is processed exclusively based on your consent (Art. 6 Para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal message by email is sufficient, or you unsubscribe via the "unsubscribe" link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.

Data entered to set up the subscription will be deleted in the event of unsubscription. Should these data have been transmitted to us for other purposes and elsewhere, they will remain with us.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies help us make our offer more user-friendly, effective, and secure.

Some cookies are "session cookies." Such cookies are deleted automatically after the end of your browser session. On the other hand, other cookies remain on your end device until you delete them yourself. Such cookies help us to recognize you when you return to our website.

With a modern web browser, you can monitor, restrict, or prevent the setting of cookies. Many web browsers can be configured to delete cookies automatically when the program is closed. Disabling cookies may result in limited functionality of our website.

The setting of cookies, which are necessary for the performance of electronic communication processes or the provision of certain functions you desire (e.g., shopping cart), is based on Art. 6 Para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies (e.g., for analysis functions) are set, they will be treated separately in this privacy policy.

YouTube Videos

Type and Scope of Processing

We have integrated YouTube videos into our website. YouTube Video is a component of the video platform of YouTube, LLC, where users can upload content, share it over the internet, and receive detailed statistics. YouTube Video enables us to integrate platform content into our website.

YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can assign the played videos to the profile.

When you access this content, you connect to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and Legal Basis

The use of the service is based on your consent according to Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO with the recipients of the data. These are - unless stated otherwise - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, we obtain your consent for such a third-country transfer according to Art. 49 Para. 1 Sentence 1 lit. a. DSGVO, which you give via the consent manager (or other forms, registrations, etc.). We point out that there may be risks associated with third-country transfers (e.g., data processing by security authorities of the third country, whose exact scope and consequences for you we do not know, over which we have no influence and of which you may not be aware).

Storage Duration

The specific storage duration of the processed data cannot be influenced by us but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

Cloudflare CDN

Type and Scope of Processing

We use Cloudflare CDN to properly deliver the contents of our website. Cloudflare CDN is a service of Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content from our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access these contents, you connect to servers of Cloudflare, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. These data are processed exclusively for the purposes mentioned above and to maintain the security and functionality of Cloudflare CDN.

Purpose and Legal

Basis The use of the content delivery network is based on our legitimate interests, i.e., interest in a secure and efficient provision and optimization of our online offer according to Art. 6 Para. 1 lit. f. DSGVO.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO with the recipients of the data. These are - unless stated otherwise - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Storage Duration

The specific storage duration of the processed data cannot be influenced by us but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.

Google Analytics

Type and Scope of Processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of views of our online offer, visited sub-pages, and the duration of visitors' stay. Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. This information is used, among other things, to compile reports on website activity.

Purpose and Legal

Basis The use of Google Analytics is based on your consent according to Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO with the recipients of the data. These are - unless stated otherwise - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, we obtain your consent for such a third-country transfer according to Art. 49 Para. 1 Sentence 1 lit. a. DSGVO, which you give via the consent manager (or other forms, registrations, etc.). We point out that there may be risks associated with third-country transfers (e.g., data processing by security authorities of the third country, whose exact scope and consequences for you we do not know, over which we have no influence and of which you may not be aware).

Storage Duration

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google reCAPTCHA

Type and Scope of Processing

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is made automatically by a program. When you access this content, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. In addition, Google reCAPTCHA records the user's dwell time and mouse movements to distinguish automated inquiries from human ones. These data are processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.

Purpose and Legal Basis

The use of Google reCAPTCHA is based on your consent according to Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO with the recipients of the data. These are - unless stated otherwise - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, we obtain your consent for such a third-country transfer according to Art. 49 Para. 1 Sentence 1 lit. a. DSGVO, which you give via the consent manager (or other forms, registrations, etc.). We point out that there may be risks associated with third-country transfers (e.g., data processing by security authorities of the third country, whose exact scope and consequences for you we do not know, over which we have no influence and of which you may not be aware).

Storage Duration

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Google Tag Manager

Type and Scope of Processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to precisely control the exact integration of services on our website.

This allows us to flexibly integrate additional services to evaluate the access of users to our website.

Purpose and Legal Basis

The use of Google Tag Manager is based on your consent according to Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO with the recipients of the data. These are - unless stated otherwise - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, we obtain your consent for such a third-country transfer according to Art. 49 Para. 1 Sentence 1 lit. a. DSGVO, which you give via the consent manager (or other forms, registrations, etc.). We point out that there may be risks associated with third-country transfers (e.g., data processing by security authorities of the third country, whose exact scope and consequences for you we do not know, over which we have no influence and of which you may not be aware).

Storage Duration

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

PayPal

Our website enables payment via PayPal. The provider of the payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When you pay with PayPal, the payment data you enter are transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 Para. 1 lit. a DSGVO (consent) and Art. 6 Para. 1 lit. b DSGVO (processing to fulfill a contract). A revocation of your already given consent is possible at any time. Data processing operations in the past remain effective in the event of a revocation.

Klarna

Our website enables payment via Klarna. The provider of the payment service is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

When paying with Klarna (Klarna checkout solution), Klarna collects various personal data from you. Details can be found in Klarna's privacy policy at: https://www.klarna.com/de/datenschutz/.

Klarna uses cookies to optimize the Klarna checkout solution. This optimization constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Cookies are small text files that your web browser stores on your end device. Klarna's cookies remain on your device until you delete them. Details on the use of Klarna cookies can be found at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

The transmission of your data to Klarna is based on Art. 6 Para. 1 lit. a DSGVO (consent) and Art. 6 Para. 1 lit. b DSGVO (processing to fulfill a contract). A revocation of your already given consent is possible at any time. Data processing operations in the past remain effective in the event of a revocation.

Google Web Fonts

Type and Scope of Processing

Type and Scope of Processing We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To access these fonts, you connect to servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and Legal Basis

The use of Google Fonts is based on your consent according to Art. 6 Para. 1 lit. a. DSGVO and § 25 Para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards within the meaning of Art. 44 ff. DSGVO with the recipients of the data. These are - unless stated otherwise - standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, we obtain your consent for such a third-country transfer according to Art. 49 Para. 1 Sentence 1 lit. a. DSGVO, which you give via the consent manager (or other forms, registrations, etc.). We point out that there may be risks associated with third-country transfers (e.g., data processing by security authorities of the third country, whose exact scope and consequences for you we do not know, over which we have no influence and of which you may not be aware).

Storage Duration

The specific storage duration of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Meta (Facebook)
Type and Scope of Processing

We use the Facebook Customer Audiences service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, with the help of a Facebook Pixel to track user behavior after clicking on a Facebook or Instagram ad. Data is also transmitted to Facebook Inc. in the USA. See section 4.1.1 for risk information regarding data transfer to the USA.

With the Facebook Pixel, we can understand how our marketing measures on Facebook are received and make optimizations if necessary. Facebook stores and processes the data for its own advertising purposes in accordance with the Meta Platforms Ireland Limited Facebook Data Policy. You can manage or revoke cookie storage at any time via our Consent Manager.

Purpose and Legal Basis


The use of Meta is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g., in the USA), we have agreed on other suitable safeguards with the recipients of the data pursuant to Arts. 44 ff. GDPR. Unless otherwise stated, these are the EU Standard Contractual Clauses according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

Furthermore, we obtain your consent for such third-country transfers pursuant to Art. 49(1) sentence 1(a) GDPR, which you grant via the Consent Manager (or other forms, registrations, etc.). Please note that third-country transfers may involve unknown risks in detail (e.g., data processing by authorities in the third country, the extent of which and its consequences for you are unknown, beyond our control, and of which you may not become aware).

Storage Period


The exact storage period of the processed data is determined by Meta Platforms Ireland Limited and cannot be influenced by us. More information can be found in Meta’s privacy policy: https://www.facebook.com/about/privacy/.

Salesforce Account Engagement (formerly Pardot, hereinafter “Pardot”)

We use the Pardot Marketing Automation System – hereinafter: Pardot MAS – of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA.

Pardot is an application connected to Salesforce for recording and analyzing website usage by visitors and serves as an email marketing tool as well as for automating newsletter distribution.

Where Pardot processes personal data, it is done exclusively on our behalf and according to our instructions. Voluntarily provided personal data is initially stored in Pardot and then processed with the Salesforce CRM system for the purpose of contacting you and/or sending information. Salesforce does not store IP addresses, but uses individual identifiers: “unique visitor ID” and “unique identifier.”

Transfer of personal data to the USA generally does not occur but cannot be entirely excluded. When visiting our website, Pardot MAS records your click path and creates an individual usage profile using a pseudonym. Cookies are used for this purpose to allow browser recognition. The cookies set include a “Visitor Cookie” and a “Pardot App Session 5 Cookie.” The Visitor Cookie generates an identification number to recognize the visitor’s browser, which has no meaning outside Pardot services. The Pardot App Session Cookie is set only when a customer logs in to the Pardot app. Both cookies only contain the generated number code.

Emails sent via Pardot use tracking technologies. We use this data to determine which topics are of interest to you by tracking whether our emails are opened and which links you click. This information is then used to improve the emails we send and the services we provide.

ID Data for Age Verification


Type and Scope of Processing


Due to legal regulations for shipping certain products to specific countries, we are required to obtain age verification. We have decided, even without a legal obligation, to sell our products only to persons over 18 years of age. For this reason, we must compare your data with an official photo ID. When registering a customer account, you will be asked to submit a copy of an official photo ID. We verify your age as soon as we receive the ID copy and then activate the customer account. After the age verification, the ID copy is destroyed and any image data is deleted. Your ID data and images of your ID are not stored with us. We reserve the right to repeat the age verification at any time.

Purpose and Legal Basis


The verification of ID data is carried out to comply with legal and firearms regulations. Where such legal requirements do not exist, we have voluntarily decided to enforce an age limit of 18 years.

Storage Period


ID data is not stored.