Privacy Policy General Information As the operator of this website and as a company, we come into contact with your personal data. This includes all data that reveals something about you and by which you can be identified. In this privacy policy, we explain how, for what purpose, and on what legal basis we process your data. Controller responsible for data processing on this website and within our company: Steamergy GmbH & Co. KG Ruselbergstr. 92 94469 Deggendorf Germany Phone: +49 32 221094118 E-mail: office@steamergy.com Represented by: Robert Duschl (Managing Director) General Notes SSL and TLS Encryption When you enter data on websites, place online orders, or send emails over the internet, it is generally possible that unauthorized third parties may access such data. Complete protection cannot be guaranteed. However, we do our utmost to protect your data and close potential security gaps. An important protective measure is SSL or TLS encryption of our website. This ensures that data transmitted by you cannot be read by third parties. You can recognize encryption by the lock symbol in your browser and the fact that our web address begins with https://. Encrypted Payment Transactions Payment data (e.g., account or credit card numbers) require special protection. Therefore, all payment transactions using common payment methods are conducted exclusively through an encrypted SSL/TLS connection. Data Retention Unless otherwise stated in the specific sections below, we store your data until the purpose of processing no longer applies, you object to the processing, or you withdraw your consent. Further processing may occur if: compelling legitimate grounds override your interests (not applicable in the case of objections to direct marketing), processing is required for the establishment, exercise, or defense of legal claims (not applicable in the case of objections to direct marketing), or legal retention obligations apply. In such cases, we delete the data once the relevant conditions cease to apply. Data Transfer to the USA We may use tools from companies that transfer and process your data in the United States. The USA does not provide a level of data protection comparable to that of the EU. U.S. companies may be required to disclose personal data to authorities without allowing you to seek legal remedy. We have no control over such processing activities. Your Rights Right to Object to Data Processing IF WE PROCESS YOUR DATA ON THE BASIS OF ARTICLE 6(1)(F) GDPR (LEGITIMATE INTEREST), YOU HAVE THE RIGHT UNDER ARTICLE 21 GDPR TO OBJECT TO SUCH PROCESSING. This also applies to any profiling based on that provision. You must provide reasons arising from your particular situation, unless your objection concerns direct marketing. Consequence: We will no longer process your data unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defense of legal claims. These exceptions do not apply to objections to direct marketing or related profiling. Additional Rights Withdrawal of Consent (Art. 7(3) GDPR): You may withdraw consent at any time with future effect. Right to Lodge a Complaint (Art. 77 GDPR): You may file a complaint with a supervisory authority (e.g., at your place of residence, workplace, or alleged infringement). Right to Data Portability (Art. 20 GDPR): You may request data processed automatically on the basis of consent or contract in a common, machine-readable format. Access, Rectification, Erasure (Art. 15–17 GDPR): You have the right to obtain information about your stored personal data, request correction of inaccuracies, or demand erasure under the conditions of Art. 17 GDPR. Restriction of Processing (Art. 18 GDPR): You may request restriction of processing under certain conditions (e.g., during verification of data accuracy, pending legal claims, or pending balancing of interests after objection). Hosting and Content Delivery Networks (CDN) External Hosting Our website is hosted by the following service provider: ONEPAGE GmbH Data Processing Agreement / SCC: A data processing agreement has been concluded, and Standard Contractual Clauses (SCC) have been agreed where applicable. Processing by the Hosting Provider: The host stores all website-related data, including personal data automatically or actively collected (e.g., IP addresses, visited pages, names, contact and inquiry data, metadata, and communication data). Processing is carried out exclusively under our instructions and to the extent necessary to fulfill the contract. Legal Bases: Art. 6(1)(b) GDPR (contract initiation/performance) and Art. 6(1)(f) GDPR (legitimate interest in a secure, fast, and efficient online presence). Data Collection on This Website Cookies Our website uses cookies. Essential cookies ensure core functionality. Functional cookies enable additional features. Analytics/marketing cookies are used for usage analysis and advertising optimization. Third-party cookies may also be set when external services (e.g., payment providers) are integrated. Storage & Control: Session cookies are deleted when the browser is closed. Persistent cookies remain until manually deleted. Your browser allows you to: be notified about cookies, block cookies partially or entirely, or delete them automatically on exit. Disabling cookies may affect website functionality. You will be informed about third-party/analytics cookies in this privacy policy, and your consent is obtained when you first visit the website. Legal Bases: Essential/functional cookies: Art. 6(1)(f) GDPR (legitimate interest in technical functionality). All other cookies: Art. 6(1)(a) GDPR (consent, revocable at any time). Cookie Consent Management (Legal Cockpit) Tool: Consent Management Platform “Legal Cockpit” for GDPR-compliant consent collection and management. Provider: Legalcore AG, Reinhardtstr. 7, 10117 Berlin, Germany Data Processing Agreement: Yes Privacy Policy: https://cockpit.legal/datenschutz/ Processing: When you visit our website and close the consent window, your browser transmits data such as IP address, browser/device information, and visit time to Legal Cockpit. A cookie is set to associate your consent or withdrawal with your browser. Data is stored until the cookies are no longer needed, you delete them, or legal retention periods expire. Legal Basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR). Server Log Files Our hosting provider records website access and error logs. Logged data includes browser type/version, operating system, referrer URL, host name, time of server request, and IP address (possibly anonymized). We do not combine this data with other data. It is used solely for statistical purposes and to improve website performance. Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in error-free operation and anonymized access statistics). Contact Contact Form We store your message and the contact details you provide to process your inquiry and possible follow-up questions. Data is not shared without your consent. Deletion: After processing completion, upon your request, or after withdrawal of consent, unless legal retention obligations apply. Legal Bases: Contract-related inquiries: Art. 6(1)(b) GDPR Other inquiries: Art. 6(1)(f) GDPR (legitimate interest in efficient communication) With consent: Art. 6(1)(a) GDPR (revocable) Contact by E-mail, Telephone, or Fax We store your message and contact details for processing and potential follow-up. Data is not disclosed without your consent. Deletion and legal bases: as described above for the contact form. Analytics Tools and Advertising Google Tag Manager Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland Privacy Policy: https://policies.google.com/privacy Data Transfer to USA: Based on Standard Contractual Clauses (SCC): https://privacy.google.com/businesses/compliance Processing: Manages integration of tracking codes and conversion pixels. The tool does not create user profiles, store cookies, or analyze behavior; however, the IP address is transmitted to Google servers in the USA. Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in simple and efficient tool integration). With consent to IP transfer: Art. 6(1)(a) GDPR (revocable). Google Analytics Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland Data Processing Agreement: Yes Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en SCC: https://privacy.google.com/businesses/compliance Opt-out Add-on: https://tools.google.com/dlpage/gaoptout?hl=en Processing: Analysis of website usage (origin, page views, dwell time, systems). Uses cookies and similar technologies; data is transmitted to Google servers in the USA. IP Anonymization: Enabled—IP shortened within the EU/EEA before transfer. Demographics: Reports on age, gender, and interests (no personal identification). Storage duration: Up to 50 months per Google policy. Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in analysis and optimization). If consent given: Art. 6(1)(a) GDPR (revocable). Google Conversion Tracking Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland Data Processing Agreement: Yes Privacy Policy: https://www.google.de/intl/en/policies/privacy/ SCC: https://privacy.google.com/businesses/compliance Processing: Measures conversions (e.g., clicks, product views, purchases). Google may use cookies or similar technologies; we cannot personally identify users. Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing and optimizing campaigns). With consent: Art. 6(1)(a) GDPR (revocable). Google Web Fonts (Local Hosting) We use Google Web Fonts locally. No connection is established to Google servers when loading our pages. Information: https://developers.google.com/fonts/faq Privacy Policy: https://policies.google.com/privacy?hl=en