Privacy policy

PRIVACY POLICY AND COOKIE POLICY

Website: https://monarch-shop.eu
Last updated: 23.03.2026


1. Data Controller
The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:
Slomax Group s.r.o.
Hlavní 28/20a
362 63 Dalovice
Czech Republic
Registration number (IČO): 28195809
VAT ID: CZ28195809
Email: info@slomax.eu
Phone: +420 720 071 920
Managing Director: Andrii Reshetniak


2. Scope of Data Processing
2.1. This Privacy Policy applies to all personal data processed through our website, including when users browse the website, create an account, place orders, subscribe to services, or interact with marketing communications.


3. Categories of Personal Data
3.1. We may process the following categories of personal data:
3.1.1. Identification data (name, surname)
3.1.2. Contact data (email address, phone number)
3.1.3. Account data (login credentials, account settings)
3.1.4. Order data (products purchased, order history, pricing, VAT data)
3.1.5. Payment data (payment method, transaction data – processed via payment providers)
3.1.6. Delivery data (billing and shipping addresses, delivery preferences)
3.1.7. Communication data (support requests, emails, complaints)
3.1.8. Subscription data (subscription contracts, billing cycles, discounts, selling plans)
3.1.9. Technical data (IP address, browser type, device information, operating system)
3.1.10. Usage data (website interactions, pages visited, timestamps)
3.1.11. Marketing data (consents, campaign interactions, conversions)
3.1.12. Fraud prevention and security data
3.1.13. Online identifiers (cookies, pixel data, advertising identifiers)
3.1.14. Location data (approximate location derived from IP address)


4. Legal Bases for Processing
We process personal data based on the following legal grounds:
Art. 6(1)(b) GDPR – performance of a contract (order processing, delivery)
Art. 6(1)(c) GDPR – legal obligations (tax and accounting requirements)
Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, analytics)
Art. 6(1)(a) GDPR – consent (marketing, cookies, tracking)
We may also process contact data for direct marketing purposes based on consent (Art. 6(1)(a) GDPR) or, where applicable, based on legitimate interest (Art. 6(1)(f) GDPR) in accordance with applicable e-privacy laws.


5. Purposes of Data Processing
5.1. We process personal data for the following purposes:
5.1.1. Processing and fulfilling orders
5.1.2. Managing customer accounts
5.1.3. Handling payments and billing
5.1.4. Delivery and logistics
5.1.5. Customer support and communication
5.1.6. Managing subscriptions and recurring orders
5.1.7. Fraud prevention and security
5.1.8. Website analytics and performance improvement
5.1.9. Marketing and advertising (where consent is given)
5.1.10. Direct marketing and remarketing communications via email and, where permitted, via phone or messaging channels, based on consent or applicable legal provisions.
5.1.11. Audience creation, remarketing, and personalized advertising
5.1.12. Measurement of advertising effectiveness and conversion tracking


6. Payment Processing
6.1. Payments are processed via third-party payment providers. We do not store full payment details such as credit card numbers.
6.2. Available payment methods may include:
6.2.1. Shop Pay
6.2.2. Google Pay
6.2.3. Apple Pay
6.2.4. Credit and debit cards (Visa, Mastercard, American Express, Maestro, UnionPay)
6.2.5. Local payment methods (e.g. Bancontact)
6.3. Availability depends on country, device, and provider.


7. Subscription Services
7.1. We use Appstle Subscriptions (Appstle Inc.) to offer recurring product subscriptions.
7.2. In connection with subscription services, the following data may be processed:
7.2.1. Customer and account data
7.2.2. Contact details
7.2.3. Billing and shipping information
7.2.4. Order history
7.2.5. Subscription contract data
7.2.6. Discount and selling plan data
7.2.7. Payment method information
7.2.8. Technical data required for subscription functionality
7.3. Subscriptions operate on an auto-renew basis unless cancelled by the customer.


8. Recipients of Data (Processors)
8.1. We may share personal data with the following categories of service providers:
8.1.1. Shopify Inc. – e-commerce platform
8.1.2. Payment providers – payment processing
8.1.3. Shipping providers – delivery services (PPL, DPD, GLS)
8.1.4. Google LLC – analytics, advertising, Merchant Center
8.1.5. Meta Platforms Inc. – advertising and tracking
8.1.6. Appstle Inc. – subscription management
8.2. All processors are bound by data processing agreements where required.
8.3. Some service providers may act as independent controllers (e.g. Google, Meta) for certain data processing activities.


9. International Data Transfers
9.1. Personal data may be transferred outside the European Economic Area (EEA), in particular to:
9.1.1. Canada (adequacy decision by EU Commission)
9.1.2. United States (EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses)
9.2. Appropriate safeguards are implemented to ensure data protection.
9.3. Where data transfers rely on Standard Contractual Clauses (SCCs), additional safeguards are implemented where necessary.


10. Data Retention
10.1. We retain personal data only as long as necessary:
10.1.1. Order and accounting data: up to 10 years (legal obligations)
10.1.2. Customer account data: until deletion request
10.1.3. Marketing data: until consent is withdrawn
10.1.4. Technical and analytics data: as required for operational purposes
10.2. Data may be retained longer where required for the establishment, exercise, or defense of legal claims.


11. Data Subject Rights
11.1. You have the following rights under GDPR:
11.1.1. Right of access (Art. 15 GDPR)
11.1.2. Right to rectification (Art. 16 GDPR)
11.1.3. Right to erasure (Art. 17 GDPR)
11.1.4. Right to restriction of processing (Art. 18 GDPR)
11.1.5. Right to data portability (Art. 20 GDPR)
11.1.6. Right to object (Art. 21 GDPR)
11.1.7. Right to withdraw consent (Art. 7 GDPR)
11.2. To exercise your rights, contact: info@slomax.eu
11.3. You also have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.


12. Cookies and Tracking Technologies
12.1. We use cookies and similar technologies to operate our website and improve user experience.
12.2. Types of Cookies
12.2.1. Strictly Necessary Cookies. Required for website functionality (checkout, login, security)
12.2.2. Analytics Cookies. Used to analyze website usage (Google Analytics 4)
12.2.3. Marketing Cookies. Used for advertising and remarketing (Google Ads, Meta)
12.3. Cookies may include first-party and third-party cookies, as well as similar technologies such as pixels, tags, and local storage.


13. Consent Management
13.1. We use a Consent Management Platform (CMP) integrated with Shopify.
13.2. Non-essential cookies are only set after user consent
13.3. Users can manage or withdraw consent at any time
13.4. Consent is recorded and stored for compliance purposes
13.5. Users may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.


14. Google Analytics and Advertising
14.1. We use: Google Analytics 4 (GA4), Google Ads, Google Merchant Center
14.2. These services may collect:
14.2.1. IP address (anonymized where applicable)
14.2.2. Device and browser data
14.2.3. User behavior and interactions
14.2.4. Conversion data
14.3. We may use Enhanced Conversions / Customer Match, which requires user consent.
14.4. Google may act as an independent data controller for certain processing activities.
14.5. Google services may use cookies, advertising identifiers, and tracking technologies to measure performance and deliver personalized advertising.


15. Meta (Facebook / Instagram)
15.1. We use Meta Business Tools for: Advertising, Conversion tracking and Audience building
15.2. Meta may process:
15.2.1. Website interaction data
15.2.2. Device identifiers
15.2.3. Marketing interaction data
15.3. Meta may act as a joint controller or independent controller depending on the processing activity.


16. Data Security
16.1. We implement appropriate technical and organizational measures to protect personal data, including:
16.1.1. Secure HTTPS encryption
16.1.2. Access control
16.1.3. Data minimization
16.1.4. Monitoring and protection against unauthorized access


17. Marketing Communications
17.1. We may send marketing communications via email and, where applicable, via phone or messaging channels, subject to applicable legal requirements.
17.2. Marketing communications are sent only:
17.2.1. where the Customer has given consent, or
17.2.2. where permitted under applicable law (e.g. existing customer relationship).
17.3. Customers may opt out of marketing communications at any time via the unsubscribe link or by contacting us.
17.4. Opting out does not affect transactional communications related to orders or account management.


18. Automated Decision-Making
18.1. We do not carry out automated decision-making or profiling that produces legal effects concerning the user within the meaning of Art. 22 GDPR.


19. Data Minimization
19.1. We process only personal data that is necessary for the purposes described in this Privacy Policy.


20. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.


21. Changes to this Policy
We reserve the right to update this Privacy Policy to reflect legal or operational changes. The latest version will always be available on our website.