Privacy Policy

1. Information about the collection of personal data and controller details

1.1

We appreciate your visit to our website and your interest in our services. This Privacy Policy explains how we handle your personal data when you use our website.
“Personal data” means any information that can identify you directly or indirectly.

1.2

The data controller responsible for processing personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Sienna Coast

The controller is the individual or entity that determines the purposes and means of processing personal data.

1.3

To protect your information and ensure secure transmission of confidential content (such as orders or inquiries), our website uses SSL/TLS encryption.
You can recognize a secure connection by “https://” in the browser address bar and the padlock icon.


2. Data collection when visiting our website

If you visit our website for information only (i.e., without registering or submitting information), we only collect the data that your browser transmits to our server (so-called server log files). This includes data that is technically required to display the website correctly:

  • Pages visited on our website

  • Date and time of access

  • Amount of data transmitted (in bytes)

  • Referrer URL / source from which you accessed the page

  • Browser type and version

  • Operating system

  • IP address (where applicable, in anonymized form)

This processing is carried out under Art. 6(1)(f) GDPR, based on our legitimate interest in maintaining and improving the stability, security, and functionality of our website.

We do not use this data for other purposes unless there are specific indications of unlawful use, in which case we may review log files retrospectively.


3. Cookies

To improve user experience and enable certain website features, we use cookies on some pages. Cookies are small text files stored on your device.

  • Session cookies are deleted when you close your browser.

  • Persistent cookies remain stored and allow us (or our partners) to recognize your browser on future visits. These are automatically deleted after a defined period.

Cookies may store and process information such as browser details, approximate location data, and IP address values.

Processing via cookies is based on:

  • Art. 6(1)(b) GDPR (if required for contract performance), or

  • Art. 6(1)(f) GDPR (legitimate interest in a functional, user-friendly website)

You can configure your browser to manage or block cookies. Disabling cookies may limit website functionality.



4. Contact

When you contact us (e.g., via email or contact form), we process personal data solely to respond to your request.

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest), or

  • Art. 6(1)(b) GDPR if related to a contract

Your data is deleted once your request is fully handled unless legal retention requirements apply.


5. Customer accounts and contract processing

We process personal data necessary to create a customer account and fulfill orders under Art. 6(1)(b) GDPR.

You may delete your customer account at any time by contacting us. After contract completion or account deletion, data is restricted according to statutory retention periods and deleted afterward unless further processing is legally permitted.


6. Use of data for direct advertising

6.1 Newsletter subscription

If you subscribe to our newsletter, we use your email address to send updates and offers.

  • Double opt-in procedure

  • Subscription data (IP address, date, time) is stored for verification

Legal basis: Art. 6(1)(a) GDPR

You may unsubscribe at any time.

6.2 Newsletter for existing customers

If you provided your email during a purchase, we may send offers for similar products.

Legal basis: Art. 6(1)(f) GDPR

You may object at any time.


7. Data processing for order handling

7.1 Shipping and payment processing

We share personal data with shipping providers and payment institutions as required to fulfill contracts.

Legal basis: Art. 6(1)(b) GDPR

7.2 Payment service providers

PayPal
Payments are processed via PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.
PayPal may conduct credit checks.

Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR
Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Credit card payments (Visa, MasterCard, American Express)
Payments are processed by secure payment providers.
We do not store credit card details.
Processing complies with PCI-DSS standards.

Legal basis: Art. 6(1)(b) GDPR


8. Review reminders

With your explicit consent, we may send a one-time review reminder by email.

Legal basis: Art. 6(1)(a) GDPR


9. Social media plugins (Shariff solution)

Connections are only established when you click a button.


10. Online marketing

10.1 DoubleClick by Google

Used for advertising performance measurement.

Legal basis: Art. 6(1)(f) GDPR

10.2 Google Ads conversion tracking

Measures advertising effectiveness.

Legal basis: Art. 6(1)(f) GDPR


11. Web analytics

Google Analytics (Universal Analytics)
IP anonymization is enabled.

Legal basis: Art. 6(1)(f) GDPR


12. Retargeting and remarketing

  • Facebook Pixel: Art. 6(1)(a) GDPR

  • Google Ads Remarketing: Art. 6(1)(f) GDPR


13. Rights of the data subject

You have the right to:

  • Access (Art. 15)

  • Rectification (Art. 16)

  • Erasure (Art. 17)

  • Restriction (Art. 18)

  • Data portability (Art. 20)

  • Withdraw consent (Art. 7(3))

  • Lodge a complaint (Art. 77)

13.2 Right to object

You may object to processing based on legitimate interests or direct marketing at any time.


14. Storage duration

Personal data is retained only as long as necessary and in accordance with legal retention obligations. After expiration, data is deleted unless further lawful processing applies.