Privacy Policy

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.

"Personal data" means any information relating to an identified or identifiable natural person.

Server log files

You can visit our websites without providing any personal information.

Each time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.

The processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our services.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. The EU Commission has issued an adequacy decision for Canada. The EU Commission has also issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses.

Contact person / Responsible party

Please contact us if you wish. The data controller is: Andreas Grawunder, Oskar-Rieß-Straße 15, 42699 Solingen, Germany, +49 2122 217671, stahlwaren-grawunder@t-online.de

Customer initiates contact via email

If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your inquiry.

If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR .

We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Data collection and processing when using the contact form

When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data is processed for the purpose of contacting you.

If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to this processing based on Article 6(1)(f) GDPR.

You have the right to object to the processing of your personal data.

We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Customer account Orders

Customer account

When you open a customer account, we collect your personal data to the extent specified there. This data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal. Your customer account will then be deleted.

Collection, processing and transfer of personal data during orders

When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for entering into a contract. Failure to provide this data will result in the contract not being concluded. This processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you.

Your data will be shared with, for example, shipping companies, dropshipping and fulfillment providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to the minimum necessary.

Your data may be transferred to and processed in third countries outside the EU, in particular in Canada and the USA.

Canada has an adequacy decision from the EU Commission. For the USA, there is an adequacy decision from the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not TADPF certified. This data transfer is based on contractual obligations comparable to the EU Commission's Standard Contractual Clauses. Payment service providers

Using Klarna payment options

We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”) on our website.

By selecting and using Klarna as your payment method, the data required for payment processing will be transmitted to Klarna in order to fulfill the contract with you using your chosen payment method. This processing is based on Article 6(1)(b) GDPR. Cookies may be stored to enable the recognition of your browser. The resulting data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object , on grounds relating to your particular situation , at any time to the processing of personal data concerning you.

"Pay Later" (invoice), "Pay Now" (payment by direct debit, credit card, instant bank transfer), "Financing" (installment purchase)

For certain payment methods such as "Pay Later" (invoice), "Pay Now" (payment by direct debit, credit card, instant bank transfer), "Financing" (installment purchase), Klarna reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies.

For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, and order-related data, to a credit agency for identity and credit verification. Klarna uses the information obtained about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) calculated using scientifically recognized mathematical-statistical methods, which incorporate address data, among other factors. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when Klarna provides services in advance. You have the right to object , on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(f) GDPR by notifying Klarna. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method.

Further information, in particular regarding which credit agencies Klarna shares your personal data with, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/dede/credit__rating_agencies .

General information about Klarna can be found at: https://www.klarna.com/de/ . Your personal data will be processed by Klarna in accordance with applicable data protection regulations and as described in Klarna's privacy policy at [link to Klarna privacy policy].

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_ de/privacy .

Data subject rights and storage period

Storage duration

After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the data subject

Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.

Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority

According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

PO Box 20 04 44

40102 Düsseldorf

Tel.: +49 211 384240

Fax: +49 211 38424999

Email: poststelle@ldi.nrw.de

Right to object

If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.

After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

Last updated: October 22, 2024

Andreas Grawunder

Steel goods expert & market business

Birgit Grawunder

E-commerce & Administration

Kim Grawunder

Online shop & online marketing