PRIVACY POLICY
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection provisions, is:
Mönchhof GmbH & Co. KG
Mönchhof
54539 Ürzig, Germany
Tel: +49 6532 93164
Email: info@moenchhof.de
II. Data Protection Officer
We do not require a Data Protection Officer.
III. General information on data processing
1. Scope of processing of personal data
We generally process personal data only to the extent necessary to provide a functioning website as well as our content and services. Personal data are processed only with the user’s consent or where obtaining consent in advance is not possible for factual reasons and processing is permitted by law.
2. Legal basis for processing personal data
Where we obtain the data subject’s consent for processing operations, Art. 6(1)(a) GDPR serves as the legal basis.
Where processing is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Where processing is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis.
Where processing is necessary to safeguard our legitimate interests or those of a third party and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis.
3. Data erasure and storage duration
Personal data are erased or blocked as soon as the purpose of storage no longer applies. Storage may continue if provided for by European or national law. Data are also blocked or erased when a statutory retention period expires, unless further storage is necessary for contract conclusion or fulfilment.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data are collected:
Browser type and version
Operating system used
Internet service provider
IP address
Date and time of access
Websites from which the user’s system reaches our website
Websites accessed by the user’s system via our website
The data are stored in our system’s log files. This does not include IP addresses or other data that enable the data to be assigned to a user; such data are not stored together with other user data.
2. Legal basis
Legal basis for temporary storage of the data and log files is Art. 6(1)(f) GDPR.
3. Purpose
Temporary storage of the IP address is necessary to deliver the website to the user’s device; the IP address must therefore be stored for the duration of the session. Log file storage is used to ensure website functionality, optimise the website and ensure the security of our IT systems. No evaluation for marketing purposes takes place in this context. These purposes also constitute our legitimate interest under Art. 6(1)(f) GDPR.
4. Storage duration
Data are erased as soon as they are no longer necessary for achieving the purpose. For website provision, this is the case when the session ends. For log files, this is no later than seven days; longer storage is possible, in which case users’ IP addresses are deleted or anonymised so that assignment to the accessing client is no longer possible.
5. Right to object
Collection of data for website provision and storage in log files is essential for operating the website; therefore, users have no right to object.
V. Use of cookies
1. Description and scope
Our website uses cookies. Cookies are text files stored in the internet browser or by the browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string enabling unique identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements require that the accessing browser can be identified even after a page change (e.g. login data for restricted areas).
We also use cookies that enable analysis of user browsing behaviour. When accessing our site, the user is informed about this use and consent is obtained for the processing of personal data used in this context; reference is also made to this Privacy Policy.
2. Legal basis
Legal basis is Art. 6(1)(c), Art. 6(1)(a) and Art. 6(1)(f) GDPR.
3. Purpose
Technically necessary cookies are used to simplify website use. Without cookies, not all functions can be offered. Data collected via technically non-necessary cookies are used to improve the quality of our website and content. This enables us to understand how the site is used and to continuously optimise our offering. These purposes also constitute our legitimate interest under Art. 6(1)(f) GDPR.
4. Storage duration / objection / removal
Cookies are stored on the user’s device and transmitted by the user to our site. Users therefore have full control over the use of cookies. By changing browser settings, users can disable or restrict cookie transmission. Stored cookies can be deleted at any time, including automatically. If cookies are disabled for our website, not all functions may be fully usable. Flash cookies cannot be prevented via browser settings, but by changing the Flash Player settings.
VI. Newsletter
1. Description and scope
Users can subscribe to a free newsletter. During registration, the following data are transmitted at minimum: name, email address, security code. At the time the message is sent, the following are also stored: IP address, date and time of registration. Consent is obtained during the registration process and reference is made to this Privacy Policy (including the consent text below). Data are not passed on to third parties and are used exclusively for sending the newsletter.
2. Legal basis
Art. 6(1)(a) GDPR.
3. Purpose
To deliver the newsletter and to prevent misuse of the contact form and ensure the security of our IT systems.
4. Storage duration
Data are deleted when no longer necessary. The user’s email address is stored as long as the newsletter subscription is active.
5. Cancellation
Users can cancel the subscription at any time via the corresponding link in every newsletter; this also constitutes withdrawal of consent for storage of personal data collected during registration.
VII. Contact form and email contact
1. Description and scope
If contact forms are available on our website and used by a user, the data entered are transmitted to us and stored. Depending on the form, these data typically include: name, first name, salutation, company, phone, email address, security check. At the time the message is sent, the IP address and date/time are also stored. Consent is obtained and reference is made to this Privacy Policy. Alternatively, contact via email is possible; in that case, personal data transmitted with the email are stored. No data are passed on to third parties; the data are used solely to process the conversation.
2. Legal basis
With consent: Art. 6(1)(a) GDPR.
For email contact: Art. 6(1)(f) GDPR.
If email contact aims at contract conclusion: additionally Art. 6(1)(b) GDPR.
3. Purpose
To process the contact request; and to prevent misuse and ensure IT security.
4. Storage duration
Data are deleted when no longer necessary. For contact form data and data transmitted by email, this is the case when the conversation with the user has ended and it can be inferred that the matter has been conclusively clarified. Additional data collected during sending are deleted after no later than seven days.
5. Withdrawal / objection
Users may withdraw consent at any time. If users contact us by email, they may object to storage at any time; in this case, the conversation cannot be continued. Withdrawal/objection can be made orally, in writing or by email. All stored personal data are deleted in such a case.
VIII. Ordering by a consumer
1. Description and scope
Users can order goods via our website. Data are entered into an input form and transmitted to us and stored. The following data may be entered: first name, last name, salutation, email address, phone, fax, address, postal code, city, country, company, VAT ID. At the time the message is sent, IP address and date/time of the order are also stored. Consent is obtained and reference is made to this Privacy Policy (including consent text below).
2. Legal basis
With consent: Art. 6(1)(a) GDPR.
If registration serves contract performance or pre-contractual measures: additionally Art. 6(1)(b) GDPR.
3. Purpose
To process the order.
4. Storage duration
Data are deleted when no longer necessary for the purpose. After contract conclusion, further storage may be necessary to comply with contractual or legal obligations.
5. Objection / removal
Users may cancel the order at any time. Users may have stored data changed at any time by contacting us by email, phone or in writing. If the data are required for contract performance or pre-contractual measures, early deletion is possible only insofar as no contractual or legal obligations prevent deletion.
IX. Content Delivery Network (Cloudflare)
1. Description and scope of data processing
We use the Content Delivery Network (CDN) provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany ("Cloudflare") to increase the security and delivery speed of our website. A CDN is a network of globally distributed servers that can deliver content to users in an optimised manner. For this purpose, personal data may be processed in Cloudflare server log files, in particular the IP address, the content accessed, and the date and time of access.
Cloudflare is a recipient of your personal data and acts as a processor on our behalf. Cloudflare has implemented compliance measures for international data transfers based on EU Standard Contractual Clauses (SCCs).
2. Legal basis
The use of Cloudflare is based on our legitimate interest in providing our website as reliably and securely as possible pursuant to Art. 6(1)(f) GDPR.
3. Purpose
The integration of Cloudflare serves to improve the loading times of our website, to protect against cyber attacks (e.g. DDoS) and to ensure the security of our IT systems.
4. Right to object
The processing of data is essential for the operation of the website. You have the right to object to processing; whether the objection is successful is determined by a balancing of interests. The functionality of the website is not guaranteed without the processing.
For more information, please see Cloudflare's Privacy Policy: https://www.cloudflare.com/privacypolicy/
X. Google Analytics
1. Description and scope of data processing
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies that enable analysis of your use of the website. The information generated about your use of this website is generally transmitted to and stored on a Google server.
We use Google Analytics with the "Consent Mode" (Consent Mode v2) feature. Without your consent, no cookies are set and no personally identifiable data are collected. Only after you give your express consent via our cookie banner are analytics cookies activated.
IP anonymisation: In Google Analytics 4, IP address anonymisation is enabled by default. Your IP address is truncated within Member States of the European Union or in other states party to the Agreement on the European Economic Area.
2. Legal basis
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time via our cookie banner.
3. Purpose
Google Analytics is used to analyse user behaviour on our website. We use the data and results to determine the demand for our products and services and to improve our website.
4. Storage duration
Data linked to cookies that we send are automatically deleted after 14 months.
5. Right to object / removal
You may withdraw your consent at any time via our cookie banner. Cookies already set can be deleted in your browser at any time. You can also prevent data collection by Google Analytics by installing the browser add-on for deactivating Google Analytics: https://tools.google.com/dlpage/gaoptout
For more information, see Google's Privacy Policy: https://policies.google.com/privacy
XI. Adobe Fonts
1. Description and scope of data processing
We use Adobe Fonts, a service provided by Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA, and Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe"), to embed fonts. When you visit our pages, your browser connects to Adobe servers to download the fonts used. In doing so, your IP address is transmitted to Adobe.
Adobe has implemented compliance measures for international data transfers based on EU Standard Contractual Clauses.
2. Legal basis
The integration of Adobe Fonts is based on our legitimate interest in a consistent and appealing presentation of our website pursuant to Art. 6(1)(f) GDPR.
3. Purpose
Adobe Fonts is used to ensure a consistent and appealing typographic presentation of our website.
4. Right to object / removal
The embedding of fonts is necessary for the appearance of the website. You can prevent the transmission to Adobe by disabling JavaScript in your browser; however, this may restrict the functionality of the website.
For more information, see Adobe's Privacy Policy: https://www.adobe.com/privacy.html
XII. Payment Processing (Stripe)
1. Description and scope of data processing
For processing credit card payments in our online shop, we use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ("Stripe"). When paying by credit card, the payment data you enter (e.g. card number, expiry date, CVC) are transmitted directly to Stripe. We do not have access to complete credit card data.
In addition, your IP address, information about the purchase (amount, currency, order number), and, where applicable, your name and email address are transmitted to Stripe.
2. Legal basis
Processing is carried out for the performance of the purchase contract pursuant to Art. 6(1)(b) GDPR.
3. Purpose
The transmission of data to Stripe serves the purpose of payment processing and fraud prevention.
4. Storage duration
Stripe stores transaction data in accordance with statutory retention obligations. Further information can be found in Stripe's Privacy Policy.
5. Right to object / removal
As the data processing is necessary for contract performance, there is no right to object. However, you may choose an alternative payment method.
For more information, see Stripe's Privacy Policy: https://stripe.com/privacy
XIII. Payment Processing (PayPal)
1. Description and scope of data processing
We offer payment via PayPal in our online shop. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"). When you pay via PayPal, your payment data (e.g. name, email address, billing address, order amount) are transmitted to PayPal.
2. Legal basis
Processing is carried out for the performance of the purchase contract pursuant to Art. 6(1)(b) GDPR.
3. Purpose
The transmission of data to PayPal serves the purpose of payment processing and fraud prevention.
4. Storage duration
PayPal stores transaction data in accordance with statutory retention obligations and its own policies.
5. Right to object / removal
As the data processing is necessary for contract performance, there is no right to object. However, you may choose an alternative payment method.
For more information, see PayPal's Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
XIV. Newsletter Delivery (Brevo)
1. Description and scope of data processing
For sending our newsletter, we use the service Brevo (formerly Sendinblue) provided by Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany ("Brevo"). Brevo acts as a processor on our behalf. When you subscribe to our newsletter, your email address and name are transmitted to Brevo and stored for the purpose of newsletter delivery.
Brevo may track open rates and click rates of newsletters to analyse campaign performance.
2. Legal basis
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Consent is obtained via a double opt-in procedure.
3. Purpose
The use of Brevo serves the reliable and secure delivery of our newsletter.
4. Storage duration
Your data are stored by Brevo for as long as your newsletter subscription is active. After unsubscribing, your data are deleted.
5. Right to object / removal
You may withdraw your consent at any time by using the unsubscribe link in every newsletter or by contacting us directly.
For more information, see Brevo's Privacy Policy: https://www.brevo.com/legal/privacypolicy/
XV. Transactional Emails (Mailgun)
1. Description and scope of data processing
For sending transactional emails (e.g. order confirmations, shipping notifications), we use the service Mailgun provided by Sinch Email (Mailgun Technologies, Inc.), 112 E Pecan St #1135, San Antonio, TX 78205, USA, via the EU region (servers in the EU). Mailgun acts as a processor on our behalf. Email address, name and the content of the respective message are transmitted to Mailgun.
Mailgun has implemented compliance measures for international data transfers based on EU Standard Contractual Clauses (SCCs).
2. Legal basis
Processing is carried out for the performance of the purchase contract pursuant to Art. 6(1)(b) GDPR, as well as on the basis of our legitimate interest in reliable email delivery pursuant to Art. 6(1)(f) GDPR.
3. Purpose
The use of Mailgun serves the reliable delivery of transactional emails as part of order processing and communication with our customers.
4. Storage duration
Mailgun stores log data for a maximum of 30 days. Email content is not stored permanently.
5. Right to object / removal
The sending of transactional emails is necessary for contract performance; therefore, there is no right to object.
For more information, see Mailgun's Privacy Policy: https://www.mailgun.com/legal/privacy-policy/
XVI. Rights of data subjects
If personal data are processed, users are data subjects within the meaning of the GDPR and have the following rights vis-à-vis the controller:
Right of access (including information on purposes, categories, recipients, storage duration, rights, complaint, origin of data, and automated decision-making/profiling). Users may also request information on transfer to third countries or international organisations and appropriate safeguards under Art. 46 GDPR.
Right to rectification of inaccurate data and completion of incomplete data.
Right to restriction of processing under the conditions set out in Art. 18 GDPR (contesting accuracy, unlawful processing, no longer needed but required for legal claims, or pending balancing after objection under Art. 21 GDPR).
Right to erasure under Art. 17 GDPR, subject to statutory exceptions (e.g. freedom of expression, legal obligations, public interest, archiving, legal claims).
Right to be informed about recipients to whom rectification, erasure or restriction has been communicated, where applicable.
Right to data portability under Art. 20 GDPR, where applicable.
Right to object under Art. 21 GDPR, including objection to direct marketing and profiling related to such marketing.
Right to withdraw consent at any time; withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right not to be subject to automated decision-making, including profiling, under Art. 22 GDPR, subject to statutory exceptions.
Right to lodge a complaint with a supervisory authority under Art. 77 GDPR.
XVII. Consents (consent texts)
Contact form
I agree that the data entered in the input form are processed for the purpose of responding to my contact request. Processing within the meaning of Art. 4(2) GDPR includes any operation performed on personal data with or without automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Newsletter
I agree that the data entered in the input form are processed for the purpose of sending a newsletter. Processing within the meaning of Art. 4(2) GDPR includes the operations listed above.
Order
I agree that the data entered in the input form are processed for the purpose of processing an order. Processing within the meaning of Art. 4(2) GDPR includes the operations listed above.
Data transfers to the USA
I agree that my personal data are transferred to the USA.
Status: March 2026