Cheese specialitiesDiscover Bavaria’s fine cheese
Mozzarella
Emmental
Almdammer
Mascarpone
Ricotta
Limburger
Butter
Cheese treatsRecipes, promotions and news
Promotions & newsExperience our dairy up close: current events, company news and a variety of promotions.
Health & regionUseful tips for your health and information from the region, the Green Roof of Europe.
A passion for cheeseYou can find all kinds of fascinating, interesting and useful facts from the world of cheese here.
Recipes & inspirationExclusive recipes and serving suggestions using cheese, created by our herb chef Andreas Meier.
Discover exclusive cheese recipes
#Ourfavouriterecipes
#Mozzarellarecipes
#Mascarponerecipes
#Ricottarecipes
Our dairyNatural. Modern. Bavarian.
Region & farmersNativeness, purity and naturalness under Europe’s Green Roof – home to our 3,100 dairy farmers.
Quality & awardsPremium Bavarian products and state-of-the art production processes stand for the utmost indulgence and guaranteed quality.
Naturalness & responsibilityNo genetic engineering and “Natural direct from farmers” – with a sense of responsibility towards people and the environment.
Company, facts, figuresGOLDSTEIG at a glance: the history, figures and people behind the dairy.
Contact:
GOLDSTEIG Käsereien
Bayerwald GmbH
Siechen 11
93413 Cham
+49 (0)9971/844-0
+49 (0)9971/844-1090
Facebook
YouTube
Instagram

Data privacy policy

I. Introduction

We’re delighted that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. We would like to use this Privacy Policy to inform you about the extent to which data are collected when you use our website, and the purposes for which we use these data. We would also like to provide you with information on your rights in this regard.

II. General information

In accordance with Art. 13 GDPR, you’ll find information about the collection of personal data when using our website below. Personal data are all data related to you personally, e.g. name, address, email addresses, user behaviour.

Controller as per Art 4(7) of the EU’s General Data Protection Regulation (GDPR) is

GOLDSTEIG Käsereien Bayerwald GmbH Siechen 11 93413 Cham Germany

https://www.goldsteig.de/impressum.

You can contact our data protection officers at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH, Alexander Bugl, Eifelstraße 55, 93057 Regensburg, Email: kontakt@buglundkollegen.de

III. Visiting our website

a. Type and purpose of processing

If you access our website, i.e. if you do not register or otherwise transmit information, information of a general nature will be recorded. This information (server log files) will include the browser type, the operating system used, the domain name of your Internet Service Provider, your IP address and the like. This is exclusively information that does not allow conclusions to be drawn about your person. Your data will be processed for the following purposes in particular:

ensuring a connection to the website can be established without any problems,
ensuring the smooth use of our website,
evaluating system security and stability, and
for other administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in order to optimise our website and the technology behind it. Under certain circumstances, we may also use another service provider in order to be able to present the Privacy Policy. An embedding code is used, through which your IP address is transmitted to said service provider.

We process your data on the basis of our legitimate interest for a limited time in order to derive personal data in the event of unauthorised access or attempted access to local servers and to be able to properly present the privacy policy.

b. Legal basis of processing

Your data are processed in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

c. Data categories

IP address, time stamp, browser used, etc.

d. Recipient

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors, who act as data processors for the operation and maintenance of our website.

e. Retention period

The data are erased as soon as they are no longer needed to achieve the purpose for which they were collected. For the data used to provide the website, this is generally when the respective session has ended.

f. Legal / contractual requirements

You are not legally or contractually required to provide the aforementioned personal data. However, without the IP address, it is not guaranteed that our website will work. In addition, individual services may be unavailable or limited.

g. Transfer to third countries

Your data are not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Option to object

You have the right to object to the processing of your personal data. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

IV. Use of cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which the entity that sets the cookie (in this case us) receives certain information. They serve to make our website more user friendly and effective.

We use two different categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted, and (b) optional cookies for the purpose of website analysis and marketing.

The use of optional cookies is based on your consent (Art. 6(1)(a) GDPR).

We describe the optional cookies used on our website in detail in our cookie banner.

V. Hosting

The hosting services we use (services for operating and providing the website) are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, email distribution, security services as well as technical maintenance services that we use for the purpose of operating this website.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our website on the basis of our legitimate interest in the efficient and safe provision of this website as per Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).

VI. Contact

a. Type and purpose of processing

The data you entered in the contact form is stored for the purpose of individual communication with you. It is necessary to enter a valid email address and your name for this. This is for the assignment of your query and the subsequent response to the same. Entering additional data is optional. If you contact us by email, the data you have shared (email address, if applicable your name and telephone name, etc.) will also be processed for the purpose of individual communication.

b. Legal basis of processing

The data provided is processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR). By providing the contact form and our email address, we want to make it easy for you to get in touch with us. The information you provide will be stored for the purpose of processing your query and for any possible follow-up questions. If you get in touch with us to ask for a quote, the data entered will be processed to carry out pre-contractual measures (Art. 6(1)(b) GDPR).

c. Data categories

Forename and surname, contact details, address details

d. Recipient

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers.

e. Retention period

Data are erased no later than 6 months after your query is processed. If a contractual relationship arises, we will be subject to the statutory retention periods as per the German Commercial Code (HGB) and will erase your data upon expiry of this period.

f. Legal / contractual requirements

The provision of your personal data is voluntary. However, we can only process your query if you disclose your name, your email address and the reason for your query.

g. Transfer to third countries

Your data are not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

VII. Registering on our website

a. Type and purpose of processing

When registering to use our personalised services, some personal data are collected, such as your name, address, contact details and communication information (e.g. phone number and email address). If you are registered with us, you can access content and services that we only provide to registered users. Registered users also have the option of changing or erasing the data provided during registration at any time, if necessary. In addition, we will provide you with information about the personal data we have stored about you at any time.

b. Legal basis of processing

The data provided during registration is processed on the basis of the user’s consent (Art. 6(1)(a) GDPR).

c. Data categories

Forename and surname, contact details, address details

d. Recipient

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers, who act as data processors for the operation and maintenance of our website.

e. Retention period

Data are only processed in this context so long as the corresponding consent has been obtained. The data will be erased afterwards so long as no statutory storage obligations oppose this. To contact us about this, please use the contact details given at the start of this Privacy Policy.

f. Legal / contractual requirements

The provision of your personal data is voluntary, and is based solely on your consent. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

Your data are not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

You can withdraw your consent for the storage of your personal data at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

VIII. Signing up to receive our newsletter

a. Type and purpose of processing

Your data will only be used to email you the newsletter to which you have subscribed. We ask you to provide your name so that we can address you personally in the newsletter and, if necessary, to identify you if you want to exercise your rights as a data subject. Providing your email address is sufficient for you to receive the newsletter. When registering for our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can be informed about circumstances that are relevant for the service or registration (e.g. changes to the newsletter service or technical conditions) by email. We need a valid email address for effective registration. In order to check that the registration was actually made by the owner of an email address, we use the “double opt-in” procedure. For this purpose, we log the order of the newsletter, the sending of a confirmation email and the receipt of the requested response. No other data are collected. The data are used exclusively for sending the newsletter and are not passed on to third parties.

In addition, our sent newsletters enable us to analyse the behaviour of newsletter recipients. The things we can analyse include how many recipients opened the newsletter email, which links are clicked on and how often, and how many unsubscriptions the newsletter resulted in. These are aggregated data. It is not possible for us to draw any direct conclusions about you as a person.

If you have purchased goods and/or services from us, we are entitled to send you information about similar goods and services using the email address you gave us at the time of purchase (§ 7 III Act against Unfair Competition – UWG). You can object to the use of your email address at any time, either as a whole or for individual measures, e.g. email, post or via the unsubscribe link in our newsletter.

b. Legal basis of processing

We will regularly send our newsletter or similar information by email to the email address you provided on the basis of your express consent (Art. 6(1)(a) GDPR) or on the basis of legitimate interest (Art. 6(1)(f) GDPR) in conjunction with the requirements of §7 III UWG.

c. Data categories

Email address, forename and surname, maybe IP address, etc.

d. Recipient

The recipients of the data are internal employees in the Marketing and Sales department and IT service providers for sending the newsletter within scope of order processing as per Art. 28 GDPR.

e. Retention period

Your data are only processed in this context so long as the corresponding consent has been obtained or until you object to their processing. They will then be erased.

f. Transfer to third countries

Your data are not processed outside of the European Union (EU) or the European Economic Area (EEA).

g. Revoking consent for/objecting to processing

You can withdraw your consent for the storage of your personal data and their use for sending the newsletter at

any time with effect for the future. There is a link for this in every newsletter. You can also unsubscribe directly on this website or inform us that you are revoking your consent using the contact details provided at the start of this Privacy Policy.

h. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

IX. Information requirements in the application procedure

a. Type and purpose of processing

We process applicant data only for the purpose of and within the framework of an application procedure in accordance with legal requirements. The applicant data are processed to fulfil our (pre-)contractual obligations within the scope of the application procedure, insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures.

The application procedure requires applicants to provide us with application data. The required applicant data are marked if we offer an online form, otherwise will come from the job description and generally include personal data, postal and contact addresses and the documents associated with the application, such as a cover letter, curriculum vitae and references. Applicants can also voluntarily provide us with additional information. By submitting an application to us, applicants consent to the processing of their data for the purposes of the application procedure in the manner and to the extent set forth in this Privacy Policy. If provided, applicants can submit their applications using an online form on our website. The data are encrypted in a state-of-the-art manner and sent to us. Applicants can also send an email to bewerbungen@goldsteig.de to submit an application. Please note, however, that emails are generally not encrypted when sent and the applicant must ensure that they are encrypted themselves. We can, therefore, accept no responsibility for the route data takes between the sender and its arrival on our server; we recommend using our online form or sending your application by post. The data provided by applicants may be processed further by us for employment purposes in the event of a successful application.

b. Legal basis of processing

Your data are primarily processed for the purposes of establishing an employment relationship as per Art. 88(1) GDPR in conjunction with § 26(1) BDSG (German Data Protection Act).

c. Data categories

Your core data (i.e. forename, surname, name affixes, date of birth), work permit / residence permit if applicable, contact details (e.g. personal address, (mobile) phone number, email address), details on skills (e.g. special knowledge and skills) if relevant to the advertised position: medical suitability and other details come from application documents.

If special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily provided, they will also be processed in accordance with Art. 9(2)(b) GDPR (e.g. health-related data such as severe disability or ethnic origin).

d. Recipient

The recipients of the data are internal employees of Goldsteig (e.g. department, works council, severely handicapped employee representative)

e. Retention period

Subject to reasonable withdrawal by the applicants, the data will be erased once 6 months have passed so that we can respond to any follow-up questions and to allow us to satisfy our obligation to provide proof as per the Act on Equal Treatment. Invoices for any travel expenses reimbursed shall be archived in accordance with tax law requirements.

f. Legal / contractual requirements

The provision of your personal data beyond the retention period (e.g. in order to be included in our applicant pool) is voluntary, and is based solely on your consent. You can withdraw your consent for the storage of your personal data at any time with effect for the future.

g. Transfer to third countries

Your data are not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If an application for a vacancy is unsuccessful, the applicant’s data will be erased. An applicant’s data will also be withdrawn if they withdraw their application, which the applicant is entitled to do at any time. You can withdraw your consent for the storage of your personal data beyond the retention period at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

X. Your rights

If your personal data are processed as a user, you are deemed to be a data subject as per the GDPR. Data subjects have the following rights vis-à-vis the controller:

Right of access (Art. 15 GDPR)
Right to rectification or erasure of personal data (Art. 16, 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to notification regarding the rectification or erasure of your personal data or the restriction of processing (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw any declarations of consent given. The lawfulness of the data processing carried out based on consent valid until that point shall not be affected by its withdrawal. (Art. 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact details for the supervisory authorities of individual countries

XI. Use of Google Analytics

a. Type and purpose of processing

This website uses Google Analytics, a web analysis service at Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses so-called “cookies”, i.e. text files, that are stored on your computer and allow for your use of the website to be analysed. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be shortened by Google within Member States of the European Union or in contracting states of the Agreement on the European Economic Area. Only in exceptional cases is your full IP address transferred to a Google server in the USA and shortened there. On behalf of the website operator, Google uses this information to assess your use of the website, to compile reports on website activity and to provide other services relating to website usage and Internet usage to the website operator. The IP address sent by your browser as part of the Google Analytics service will not be merged with other data by Google. The purpose of processing these data is to evaluate the use of the website and to compile reports on activity on the website. Other services shall then be provided on the basis of the use of the website and the Internet.

b. Legal basis of processing

The data provided is processed on the basis of the user’s consent (Art. 6(1)(a) GDPR).

c. Data categories

IP address (shortened/anonymised)
Time stamp, browser, etc.

d. Recipient
Employees in the IT and marketing departments at
Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland.

e. Retention period

f. Legal / contractual requirements

The provision of your personal data is voluntary, and is based solely on your consent. If you prevent access, this may result in website features being restricted.

g. Transfer to third countries

Your data also being processed outside of the European Union (EU) or the European Economic Area (EEA) cannot be ruled out.

h. Withdrawal of consent

You can withdraw your consent for the storage of your personal data at any time with effect for the future.

You can prevent the storage of cookies on your computer through the corresponding setting in your browser; however, we would like to point out that in this case you may not be able to make full use of all this website’s functions. You can also prevent the personal data (incl. your IP address) generated by the cookie regarding your usage of the website being collected and processed by Google by downloading and installing this plug-in: “Google Analytics opt-out browser add-on”.

i. Automatic decision-making and profiling

Using the tracking tool, Google Analytics can assess the behaviour of visitors to the website and analyse their interests. We create a pseudonymous user profile for this purpose.

XII. Use of Google Maps

a. Type and purpose of processing

We also use Google Maps service on this website. Google Maps is operated by Google Cloud EMEA Ltd. This allows us to show you interactive maps on our website and enables you to use the convenient map function. More information on how Google processes data can be found in Google’s Privacy Policy. You can also amend your personal privacy settings in the privacy centre. When you visit the website, Google receives information that you accessed the corresponding subpage on our website. This happens regardless of whether Google has provided a user account via which you are logged in, or whether no such user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not want these data to be assigned to your Google profile, you must logout before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing their website to meet demand. Such an evaluation takes place in particular (even for users who are not logged in) to provide advertising to meet demand and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile; you must contact Google to exercise this right.

b. Legal basis of processing

The legal basis for the integration of Google Maps and the associated transfer of data to Google is your consent (Art. 6(1)(a) GDPR).

c. Data categories

IP address, time stamp, browser used, etc.

d. Recipient

The recipients of the data are internal employees of Goldsteig and Google as data processors.

e. Retention period

f. Legal / contractual requirements

The provision of your personal data is voluntary, and is based solely on your consent. If you prevent access, this may result in website features being restricted.

g. Transfer to third countries

Your data also being processed outside of the European Union (EU) or the European Economic Area (EEA) cannot be ruled out.

h. Withdrawal of consent

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. However, in this case you will only be able to use our website to a limited extent if at all. You can withdraw your consent for the storage of your personal data at any time with effect for the future.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

XIII. Facebook, YouTube and Instagram profiles

We maintain profiles on social networks to inform the users active there about our services and to communicate directly via the platforms if they are interested. We are currently on the following networks:

https://www.facebook.com/GoldsteigKaesespezialitaeten

https://www.youtube.com/user/GoldsteigKaesereien

https://www.instagram.com/goldsteig kaesespezialitaeten/

Visitors to our website can only access our social media channels via external links. We do not use plug-ins or other interfaces that are offered by the respective networks to embed their service on websites.

We have no influence on the data collected or on how they are processed by the social networks. We do not know the extent to which data are stored, where they are stored or for how long they are stored, the extent to which the networks meet existing erasure obligations, which assessments are carried out and which links are established with the data, and to whom the data are passed on. We are therefore drawing attention to the fact that user data (e.g. personal information, IP address) are stored by the network operators in accordance with their respective data usage policies and are used for commercial purposes.

We process the data of social media users insofar as they contact and communicate with us via comments or direct messages.

The legal foundation for processing user data is Art. 6(1)(b) and (f) GDPR.

Facebook/Instagram
YouTube

You can access the Facebook social media network via external links on our website. All the social media network’s features are provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The Facebook channels can only be accessed via an external link. If you are logged into your own Facebook profile and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not want your user account assigned to your IP address, please log out of your Facebook account before using our website.

For more information on the processing of your data, we would like to refer you to Facebook’s Privacy Policy:https://facebook.com/privacy/explanation and to our Facebook Page data policy, which can be found below.

No features or content from the service YouTube, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found on our website. The YouTube channels can only be accessed via an external link. If visitors to our website are members of the platform YouTube, YouTube can assign this visit to our social media channel to the user’s profile provided that they visit our YouTube profile while logged in. We would like to point out that we have no influence on the content or scope of usage of the data collected by YouTube. For more information on this, we would like to refer you to YouTube’s Privacy Policy: https://policies.google.com/privacy

We would also like to point out that you can make changes to your YouTube account to protect your privacy.

XIV. TikTok profile

a. Type and purpose of processing

We are delighted that you are interested in our presence on TikTok. We would like to give you an overview of the data we collect, use and store there.

Social networks can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media profile on TikTok, numerous privacy-related processing procedures are triggered. Specifically:

If you are logged into your TikTok account and visit our social media profile, TikTok can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have a TikTok account. In this case, the data would be collected via cookies stored on your device or by recording your IP address. By using data collected in this way, TikTok can create user profiles in which your preferences and interests are recorded. This means you can be shown adverts related to your interests both inside and outside TikTok. If you have an account on TikTok, these adverts related to your interests may be shown on all devices on which you are or were logged in. Please also note that we cannot track all processing procedures on TikTok. It is possible, therefore, that other processing procedures take place on TikTok. You can find details about this in TikTok’s Terms of Service and Privacy Policy.

b. Legal basis of processing

Your data are processed in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in being able to contact our customers. The analysis processes initiated by TikTok may be based on different legal grounds, which must be stated by TikTok (e.g. consent as defined by Art. 6(1)(a) GDPR).

c. Data categories

Please refer to TikTok’s Privacy Policy to find out which specific data are collected and how they are used:

TikTok: https://www.tiktok.com/legal/privacy-policy?lang=de

d. Recipient

Employees of the company
TikTok

e. Retention period

Once the purpose for which they were collected has ended and once we have finished using TikTok, the data collected in this context will be deleted.

f. Legal / contractual requirements

The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

Your data are also processed by TikTok outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If your personal data are processed on the basis of legitimate interests as per Art. 6(1)(f) GDPR, you have the right, as per Art. 21 GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. If you would like to exercise your right to object, an email to the contact address above is enough.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

XV. Facebook Page

GOLDSTEIG Käsereien Bayerwald GmbH has a profile on Facebook, a so-called Facebook Page. The following supplementary information on data processing applies to visiting our Page. General information on data protection on Facebook can be found here (https://www.facebook.com/about/privacy/).

1. General responsibility, contact details, company data protection officer:

As per Art. 26 GDPR we are jointly responsible for operating our Facebook Page with Facebook. To this end, we have entered into an agreement with Facebook specifying who must fulfil which obligations with regard to data protection. This agreement can be accessed here

(https://www.facebook.com/legal/terms/page_controller_addendum). According to the agreement, Facebook is primarily responsible for providing the data subject with information about the joint processing of their data and to make it possible for them to exercise their rights. Regardless, we hereby provide you with information about your visit to our Page.

Our contact details are:

GOLDSTEIG Käsereien Bayerwald GmbH

Siechen 11 93413 Cham Germany

info@goldsteig.de

You can contact Facebook at:

Meta Platforms Ireland Ltd.

4 Grand Canal Square,

Grand Canal Harbour,

Dublin 2, Ireland

You can contact Facebook online here (https://www.facebook.com/help/contact/2061665240770586)

You can contact our company’s data protection officers at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH

Alexander Bugl

Eifelstraße 55

93057 Regensburg

Email: kontakt@buglundkollegen.de

You can contact Facebook’s data protection officers at

https://www.facebook.com/help/contact/540977946302970.

2. Collection and storage of personal data, as well the type and purpose of their use:

a) Data recorded by Facebook:

If you are a Facebook user, Facebook collects the data described in Facebook’s Privacy Policy under “What information do we collect?”. If you are not a Facebook user, cookies (small text files) with identifiers may still be stored in your browser, thus making it possible to track your user behaviour.

Usually, data collected when visiting Facebook are also processed by Facebook for market research and advertising purposes. Complex user profiles are created based on user behaviour (even when visiting our Page); Facebook can use them to provide visitors with personalised ads, both within and outside of Facebook. You can find more information about this in Facebook’s Privacy Policy.

If you do not agree with this, you can click here to opt out.

b) Data used by us (“Page Insights”) and legal grounds:

Facebook provides us with statistics and usage data that we can use to analyse the use of our Page (so called “Page Insights”). This allows us to continuously improve what we’re doing on Facebook. As the operator, we do not make any decisions regarding the processing of Insights data or any other information resulting from Art. 13 GDPR, such as storage period of cookies on end user devices. As per GDPR, the primary responsibility for the processing of Insights data lies with Facebook and Facebook meets all GDPR obligations with regard to the processing of Insights data.

We, as the Page administrator, have no other way – including user tracking – to evaluate user behaviour on our Page. It is inherently impossible for us to identify visitors to our Page using the Page Insights. In particular, in accordance with the agreement, we have no right to ask Facebook to disclose individual visitor data. Identification is possible only if we can assign individual profile pictures to page “Likes”, but exclusively in the cases where the respective visitor clicked on the “Like” button on our fan page and “Like” information is set to “public”.

You can find which information Facebook uses to generate Page Insights here.

Operating the Facebook Page and using the Page Insights serve our legitimate interest in effective external representation and efficient communication with our customers and interested parties. This interest justifies the operation of the Page, both against the legitimate interests of Facebook users and against visitors to our Page who do not have a Facebook account.

Accordingly, the legal foundation for this is Art. 6(1)(f) GDPR.

3. Passing data on to third parties:

Data collected by Facebook is exchanged and processed within the entire Facebook group. Instagram, WhatsApp and Oculus are also part of the Facebook group. For example, information collected by Facebook in order to show the user personalised ads on Instagram, and information collection by WhatsApp is used to take action on Facebook against accounts that use WhatsApp to send spam. This information can be found in Facebook’s Privacy Policy under “How do the

Facebook companies work together?”.

When Facebook processes data, it may be the case that user data are transferred outside of the European Economic Area (EEA), particularly to the USA.

4. Right to object:

If your personal data are processed on the basis of legitimate interests as per Art. 6(1)(f) GDPR, you have the right, as per Art. 21 GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. In the latter case, you have a general right to object, which we will implement without any particular situation being stated. If you would like to exercise your right to object, it is sufficient to send an email to info@goldsteig.de or to use our contact form.

5. Data subject rights:

You have the right to withdraw your consent to us at any time. This will have the result that we will no longer be allowed to continue any data processing that was based on this consent in the future. You also have the right of access as per Art. 15 GDPR, the right of rectification as per Art. 16 GDPR, the right to erasure as per Art. 17 GDPR, the right to restriction of processing as per Art. 18 GDPR and the right to data portability as per Art. 21 GDPR. Furthermore, you also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In principle, you may assert your rights as a data subject against both Facebook and us. As only Facebook has direct access to your user data, it is most effective to assert your data subject rights against Facebook.

XVI. Use of a Social Wall

a. Type and purpose of processing

On our site, you will find embedded feeds from various social media platforms which are accessed via the API provided by the plug-in operator “Walls.io GmbH, Schönbrunner Straße 213/215, 3rd Floor, 1120 Vienna”. The visited website merely displays the feeds and doesn’t transfer any user data itself.

For more information on the provider’s Privacy Policy, please go to https://walls.io/privacy.

If you access the Social Wall and consent to data transmission, your browser establishes a direct connection to the plug-in provider’s server. The content of the respective plug-in will then be transmitted from the provider in question and integrated into the page.

By integrating the plug-ins, the providers are informed that your browser accessed the respective page of our website, even if you have no profile with or if you are currently not logged in to the provider in question. This information (including your IP address) is sent by your browser directly to a server of the respective provider and stored there. If you are logged in with one of the services, the plug-in provider will be able to immediately assign your visit to our website to your profile on the respective social media platform. If you interact with the plug-ins, the corresponding information will also be send straight to a server of the plug-in provider and stored there. The information will also be published in the social network and shown to you there.

b. Legal basis of processing

Your data are processed in accordance with Art. 6(1)(a) GDPR on the basis of your voluntary consent.

c. Data categories

Only your IP address is processed by Walls.io. Please refer to the privacy policies of the social media platforms to find out which specific data are collected by the respective service providers and how they are used:

d. Recipient

Employees of Goldsteig, Walls.io, as our service provider, and the social media platforms in question.

e. Retention period

The data which the plug-in operator, Walls.io, directly collects by using the API is erased from our systems as soon as the purpose for which it was stored no longer applies, when you request its erasure, if you withdraw your consent to storage or the purpose of data retention no longer applies.

We have no influence on the period for which the social network operators store your data for their own purposes. For more details about this, please refer directly to the social network operators (e.g. in their privacy policies, see above).

f. Legal / contractual requirements

The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

Your data may be processed outside of the European Union (EU) or the European Economic Area (EEA) if you click on Social Wall posts.

h. Withdrawal of consent

You can withdraw your consent for the storage of your personal data at any time with effect for the future.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.