Data privacy policy

I. Introduction

We’re delighted that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. We would like to use this Privacy Policy to inform you about the extent to which data is collected when you use our website, and the purposes for which we use this data. We would also like to provide you with information on your rights in this regard.

II. General information

In accordance with Art. 13 of the GDPR, please find the following information about the collection of personal data when using our website. Personal data means all data that relates to you personally, e.g. your name, address, email addresses, user behaviour.

The controller as per Art. 4(7) of the EU General Data Protection Regulation (GDPR) is

GOLDSTEIG Käsereien Bayerwald GmbH Siechen 11 93413 Cham, Germany 
https://www.goldsteig.de/impressum.

You can contact our data protection officer at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH, Alexander Bugl, Eifelstraße 55, 93057 Regensburg, Email: kontakt@buglundkollegen.de

III. Visiting our website

a. Type and purpose of processing

When you access our website, i.e. if you do not register or sent information otherwise, information of a general nature will be automatically collected. This information (server log files) includes the browser type, the operating system used, the domain name of your Internet service provider, your IP address and the like. This exclusively consists of information which does not allow any conclusions to be drawn about your person. Such information will be processed for the following purposes in particular: 

• Ensuring a smooth connection to the website,
• ensuring the smooth use of our website,
• ensuring the evaluation of the system security and stability, as well as
• for other administrative purposes, such as loading the fonts that are on our own servers. 

We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in order to optimise our website and the technology behind it. Under certain circumstances, we may also use another service provider in order to be able to present the Privacy Policy. This process involves the use of an embedding code through which your IP address is transmitted to said service provider.
We process your data on the basis of our legitimate interest for a limited time in order to derive personal data in the event of unauthorised access or attempted access to local servers and to be able to properly present the Privacy Policy.

b. Legal basis of processing

Your data is processed in accordance with point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

c. Data categories

IP address, time stamp, browser used, etc.

d. Recipients

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors, who process data for the operation and maintenance of our website.

e. Retention period

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. For the data used to provide the website, this is generally when the respective session has ended.

f. Legal/contractual requirements

You are not legally or contractually required to provide the aforementioned personal data. However, without the IP address, it is not guaranteed that our website will work. In addition, individual services may be unavailable or limited.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Option to object

You have the right to object to the processing of your personal data at any time. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

IV. Use of cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, through which the entity that sets the cookie (in this case us) receives specific information. Their purpose is to make the internet offering more user-friendly and effective overall. 

A distinction is generally made between two different categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted, and (b) optional cookies for the purpose of website analysis and marketing.

As no optional cookies are used on our website, consent and therefore a cookie banner is omitted. The use of the essential (necessary) cookies is based on our legitimate interest according to point (f) of Art. 6(1) of the GDPR.

V. Hosting

The hosting services we use (services for operating and providing the website) are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, email distribution, security services as well as technical maintenance services that we use for the purpose of operating this website.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our website on the basis of our legitimate interest in the efficient and safe provision of this website as per Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).

VI. Contact

a. Type and purpose of processing

The data you entered in the contact form is saved and stored for the purpose of individual communication with you. It is necessary to enter a valid email address and your name for this. This is for the assignment of your query and the subsequent response to the same. The provision of additional data is optional. If you contact us by email, the data that you share (email address, if applicable your name and telephone number, etc.) will also be processed for the purpose of individual communication.

b. Legal basis of the processing

The data provided is processed on the basis of a legitimate interest (point (f) of Art. 6(1) of the GDPR). By providing the contact form and our email address, we want to make it easy for you to get in touch with us. The information you provide will be stored for the purpose of processing your query and for any possible follow-up questions. If you get in touch with us to ask for a quote, the data entered will be processed to carry out pre-contractual measures (point (b) of Art. 6(1) of the GDPR).

c. Data categories

Forename and surname, contact details, address details

d. Recipients

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers.

e. Retention period

Data is erased no later than 6 months after your query has been processed. If a contractual relationship is established as a result, we will be subject to the statutory retention periods as per the German Commercial Code (HGB) and will erase your data upon expiry of this period.

f. Legal/contractual requirements

The provision of your personal data is voluntary. However, we can only process your query if you disclose your name, your email address and the reason for your query.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Automated decision-making and profiling

As a responsible company, our data processing does not include automated decision-making or profiling.

VII. Registration on our website (farmers, retail, food service)

a. Type and purpose of the processing

We may process the personal data of our customers, suppliers and partners for the purposes of communication, planning, the implementation of the contractual relationship and marketing.

b. Legal basis of the processing

The processing of the data provided is based on a legitimate interest (point (f) of Art. 6(1) of the GDPR) and the performance of a contract (point (b) of Art. 6(1) of the GDPR)

c. Data categories

• Contact information (full name, company, professional email address, professional telephone and fax number, professional address)
   
• Further necessary information in a project or a contractual relationship or information that is provided to us voluntarily.

d. Recipients

The recipients of the data are internal employees of GOLDSTEIG and, where applicable, data processors such as IT service providers, who process data for the operation and maintenance of our website.

e. Retention periods

We will erase personal data if the storage of the personal data is no longer necessary for the purposes for which it was collected or processed or for the fulfilment of legal obligations (e.g. HGB, AO).

f. Transfer to third countries

No transfer of personal data to third countries takes place.

g. Automated decision-making and profiling

As a responsible enterprise, this data processing does not include automated decision-making or profiling.

VIII. Subscribing to our newsletter

a. Type and purpose of processing

Your data will only be used to email you the newsletter to which you have subscribed. We ask you to provide your name so that we can address you personally in the newsletter and, if necessary, to identify you if you want to exercise your rights as a data subject. The provision of your email address is sufficient for you to receive the newsletter. When subscribing to our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can be informed about circumstances that are relevant for the service or registration (e.g. changes to the newsletter service or technical conditions) by email. We need a valid email address for effective registration. In order to check that the registration was actually made by the owner of an email address, we use the “double opt-in” procedure. For this purpose, we log the request to subscribe to the newsletter, the sending of a confirmation email and the receipt of the requested response. No other data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.

In addition, our sent newsletters enable us to analyse the behaviour of newsletter recipients. The things we can analyse include how many recipients opened the newsletter email, which links are clicked on and how often, and how many unsubscriptions the newsletter resulted in. All these are aggregated data. It is not possible for us to draw any direct conclusions about you as a person.

If you have purchased goods and/or services from us, we are entitled to send you information about similar goods and services using the email address you gave us at the time of purchase (Section 7 III of the Act against Unfair Competition – UWG). You can object to the use of your email address at any time, either as a whole or for individual measures, e.g. by email, post or via the unsubscribe link in our newsletter.

b. Legal basis of the processing

We will regularly send our newsletter or similar information by email to the email address you provided on the basis of your express consent (point (a) of Art. 6(1) of the GDPR) or on the basis of our legitimate interest (point (f) of Art. 6(1) of the GDPR) in conjunction with the requirements of Section 7 III of the UWG.

c. Data categories

Email address, forename and surname, maybe IP address, etc.

d. Recipients

The recipients of the data are internal employees in the Marketing and Sales department and IT service providers for sending the newsletter within the scope of commissioned data processing as per Art. 28 of the GDPR.

e. Retention period

Your data is only processed in this context so long as the corresponding consent remains valid or until you object to the processing. The data will then be erased.

f. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

g. Withdrawal of consent / objecting to processing

You can withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. There is a link for this in every newsletter. You can also unsubscribe directly on this website or inform us that you are withdrawing your consent using the contact details provided at the start of this Privacy Policy.

h. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

IX. Information requirements in the application procedure

a. Type and purpose of processing

We process applicant data only for the purpose of and within the framework of an application procedure in accordance with legal requirements. The applicant data is processed to fulfil our (pre-)contractual obligations within the scope of the application procedure, insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures.

The application procedure requires applicants to provide us with application data. The required applicant data is marked if we offer an online form, otherwise will come from the job description and generally include personal details, postal and contact addresses and the documents associated with the application, such as a cover letter, curriculum vitae and references. Applicants can also voluntarily provide us with additional information. By submitting an application to us, applicants consent to the processing of their data for the purposes of the application procedure in the manner and to the extent set forth in this Privacy Policy. If provided, applicants can submit their applications using an online form on our website. The data will be transferred to us in encrypted form in accordance with the state of the art. Applicants can also submit their applications to us by email bewerbungen@goldsteig.de . However, please note that emails are not generally sent in encrypted form and that the applicants themselves are required to provide for such encryption. We are therefore unable to accept any responsibility for the route data takes between the sender and its arrival on our server; we therefore recommend using our online form or sending your application by post. The data provided by applicants may be processed further by us for employment purposes in the event of a successful application.

b. Legal basis of the processing

The processing of your data takes place for the implementation of (pre)-contractual measures (point (b) of Art. 6(1) of the GDPR).

c. Data categories

Your master data (i.e. forename, surname, name affixes, date of birth), work permit / residence permit if applicable, contact details (e.g. personal address, (mobile) phone number, email address), details on skills (e.g. special knowledge and skills) if relevant to the advertised position: medical suitability and other details will be taken from application documents.

If special categories of personal data within the meaning of Art. 9(1) of the GDPR are voluntarily provided, they will also be processed in accordance with point (b) of Art. 9(2) of the GDPR (e.g. health-related data such as severe disability or ethnic origin).

d. Recipients

The recipients of the data are internal employees of Goldsteig (e.g. department, works council, representative body for disabled employees) as well as IT service providers for the purpose of providing an application tool.

e. Retention period

Subject to reasonable withdrawal by the applicants, the data will be erased once 6 months have passed so that we can respond to any follow-up questions and to allow us to satisfy our obligation to provide proof as per the Act on Equal Treatment. Invoices for any travel expenses reimbursed shall be archived in accordance with tax law requirements.

f. Legal/contractual requirements

The provision of your personal data beyond the retention period (e.g. in order to be included in our applicant pool) is voluntary, and is based solely on your consent. You can withdraw your consent for the storage of your personal data at any time with effect for the future.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If an application to fill an open vacancy is unsuccessful, the applicant’s data will be erased. An applicant’s data will also be erased if they withdraw their application, which the applicant is entitled to do at any time. You can withdraw your consent to the storage of your personal data beyond the retention period at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

X. Your rights

If your personal data is processed as a user, you are deemed to be a data subject as per the GDPR. Data subjects have the following rights vis-à-vis the controller:

• Right of access (Art. 15 of the GDPR)
• Right to rectification or erasure of personal data (Art. 16, 17 of the GDPR)
• Right to restriction of processing (Art. 18 of the GDPR)
• Right to notification regarding the rectification or erasure of your personal data or the restriction of processing (Art. 19 of the GDPR)
• Right to data portability (Art. 20 of the GDPR)
• Right to object (Art. 21 of the GDPR)
• Right to withdraw any consent given. In this respect, the lawfulness of the data processing prior to the withdrawal of the consent shall, however, remain unaffected. (Art. 7(3) of the GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)
   

Contact details for the supervisory authorities in the individual German federal states

XI. Whistleblower message

This information is relevant for whistleblowers who have not opted for anonymous reporting and for those named in the message.

a. Type and purpose of processing

Some personal data may be collected during the whistleblower message and the case login. If the reporting person has opted to send their report in anonymous form, their personal data will be used to handle the case. Likewise, personal data of a data subject contained in the whistleblower report may be processed and used to clarify and process the facts of the case. If the whistleblower has made a report, they can log in via the case login with case number and password.

b. Legal basis

The provision of the portal and the processing of the case takes place on the basis of a legal obligation (point (c) of Art. 6(1) of the GDPR) and within the scope of our legitimate interest (point (f) of Art. 6(1) of the GDPR). The processing of the personal data of the reporting person takes place on the basis of voluntary consent (point (a) of Art. 6(1) of the GDPR)

c. Data categories

Whistleblower: Email address, telephone number, forename, surname, your message, any other data that whistleblower sends us unsolicited

Data subjects: The information may vary depending on the whistleblower message. As a rule, at least the name.

d. Source of data

whistleblower

e. Recipients

The recipient of the data is the external whistleblower ombudsman and BKP Compliant GmbH (https://www.whistleblowing- compliant.eu/) and Proof Point development GmbH (https://www.conida.com) as processor 

f. Retention periods

In this context, data will only be processed as long as the corresponding purpose exists. The data will be erased afterwards so long as no statutory storage obligations oppose this.

g. Legal/contractual requirements

The provision of the whistleblower's personal data is voluntary.

h. Transfer to third countries

Data is not processed outside of the European Union (EU) or the European Economic Area (EEA). 

i. Automated decision-making and profiling

As a responsible company, our data processing does not include automated decision-making or profiling.

XII. Use of Google Maps

a. Type and purpose of processing

We also use the service Google Maps on this website. Google Maps is operated by Google Cloud EMEA Ltd. This allows us to show you interactive maps on our website and enables you to use the convenient map function. More information on how Google processes data can be found in Google’s Privacy Policy. You can also amend your personal privacy settings in the privacy centre. When you visit the website, Google receives information that you accessed the corresponding subpage on our website. This happens regardless of whether Google has provided a user account via which you are logged in, or whether no such user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not want this data to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or designing their website to meet demand. Such an evaluation takes place in particular (even for users who are not logged in) to provide personalised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile; you must contact Google to exercise this right.

b. Legal basis of processing

The legal basis for the integration of Google Maps and the associated transfer of data to Google is your consent (Art. 6(1)(a) GDPR).

c. Data categories

IP address, time stamp, browser used, etc.

d. Recipients

The recipients of the data are internal employees of Goldsteig and Google as data processors.

e. Retention period

Data is only processed in this context so long as the corresponding consent remains valid. The data will be erased afterwards so long as no statutory storage obligations oppose this. To contact us about this, please use the contact details given at the start of this Privacy Policy.

f. Legal/contractual requirements

The provision of your personal data is voluntary, and is based solely on your consent. If you prevent access, this may result in website features being restricted.

g. Transfer to third countries

It cannot be ruled out that your data is also processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. However, in this case you will only be able to use our website to a limited extent if at all. You can withdraw your consent to the storage of your personal data at any time with effect for the future.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

XIII. Facebook, YouTube and Instagram profiles

We maintain profiles on social networks to inform the users active there about our services and to communicate directly via the platforms if they are interested. We are currently present on the following networks:

https://www.facebook.com/GoldsteigKaesespezialitaeten 
https://www.youtube.com/user/GoldsteigKaesereien 
https://www.instagram.com/goldsteig_kaesespezialitaeten/ 

Visitors to our website can only access our social media channels via an external link. We do not use plug-ins or other interfaces that are offered by the respective networks for the embedding of the services on websites.

We have no influence on the data collected or on how it is processed by the social networks. We do not know the extent to which data is stored, where it is stored or for how long it is stored, the extent to which the networks meet existing erasure obligations, which manners of analyses are carried out and which links are established with the data, and to whom the data are passed on. We are therefore drawing attention to the fact that user data (e.g. personal information, IP address) is stored by the network operators in accordance with their respective data usage policies and is used for commercial purposes.

We process the data of social media users insofar as they contact and communicate with us via comments or direct messages.
The legal foundation for processing user data is points (b) and (f) of Art. 6(1) of the GDPR. 

• Facebook/Instagram
• YouTube
   

You can access the social media network Facebook by clicking on external links on our website. All the social media network’s features are provided by Meta Platforms Ireland Ltd. Facebook channels are accessible only via an external link. If you are logged on to Facebook by using your own profile and access our social media channel, Facebook will be able to assign your visit to your profile. If you do not want your user account to be assigned to your IP address, please log out of your Facebook account before using our website. For more information on the processing of your data, we refer you to Facebook’s privacy policy: https://facebook.com/privacy/explanation and to the data policy for our Facebook Page, which can be found below.

Our online offer includes no functions or contents of YouTube, a service offered by Google Ireland Limited. The YouTube channels can only be accessed via an external link. If visitors to our website are members of the platform YouTube, YouTube can assign this visit to our social media channel to the user’s profile provided that they visit our YouTube profile while logged in. We would like to point out that we have no influence on the content or scope of usage of the data collected by YouTube. For further information about this, we refer you to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de. We would also like to point out that you can make changes to your YouTube account to protect your privacy.

XIV. TikTok profile

a. Type and purpose of processing

We are delighted that you are interested in our presence on TikTok. We would like to give you an overview of the data we collect, use and store there.

Social networks can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media profile on TikTok, numerous privacy-related processing procedures are triggered. Specifically:

If you are logged into your TikTok account and visit our social media profile, TikTok can assign this visit to your user account. Your personal data may also be collected if you are not logged into TikTok or you do not have a TikTok account. In this case, the data is collected via cookies stored on your device, for example, or by recording your IP address. By using data collected in this way, TikTok can create user profiles in which your preferences and interests are stored. This means you can be shown adverts that relate to your interests both inside and outside TikTok. If you have an account on TikTok, these adverts related to your interests may be shown on all devices on which you are or were logged in. Please also note that we cannot track all processing procedures performed by TikTok. It is possible, therefore, that other processing procedures are performed by TikTok. You can find details about this in TikTok’s Terms of Service and Privacy Policy.

b. Legal basis of processing

Your data is processed in accordance with point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interest in being able to contact our customers. The analysis processes initiated by TikTok may be based on different legal grounds, which must be stated by TikTok (e.g. consent as defined by point (a) of Art. 6(1) of the GDPR).

c. Data categories

Please refer to TikTok’s privacy policy to find out what specific data is collected and how it is used:

TikTok: https://www.tiktok.com/legal/privacy-policy?lang=de 

d. Recipients

• Employees of the company
• TikTok
   

e. Retention period

Once the purpose for which it was collected has ceased to exist and once we have finished using TikTok, the data collected in this context will be erased.

f. Legal/contractual requirements

The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

Your data is also processed by TikTok outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. If you would like to exercise your right to object, an email to the contact address above is enough.

i. Automated decision-making and profiling

As a responsible company, our data processing does not include automated decision-making or profiling.

XV. Pinterest online presence

a. Processing nature and purpose

We are pleased that you are interested in our PINTEREST presence. We would like to give you an overview of the data we collect, use and store there.

Social networks can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). When accessing our Pinterest social media presence, numerous processing operations are triggered that are relevant to data protection. Specifically:

If you are logged into your Pinterest account and visit our social media presence, Pinterest is able to allocate this visit to your user account. However, your personal data may also be collected if you are not logged in to Pinterest or you do not have a Pinterest account. In this case, the data is collected via cookies stored on your device, for example, or by recording your IP address. By using data collected in this way, Pinterest can create user profiles in which your preferences and interests are stored. This means you can be shown adverts that relate to your interests both inside and outside Pinterest. If you have a Pinterest account, interest-related advertising can be shown on all the devices on which you are or were logged in. Please also note that we are not aware of all processing steps on Pinterest. Therefore, Pinterest might process such data even further. You can find details about this in Pinterest’s Terms of Service and Privacy Policy.

b. Legal basis of processing

Processing is based on our legitimate interest in contacting our customers pursuant to point (f) of Art. 6(1) of the GDPR. The analysis processes initiated by Pinterest may be based on different legal grounds, which must be stated by Pinterest (e.g. consent as defined by point (a) of Art. 6(1) of the GDPR).

c. Data categories

Please refer to Pinterest’s privacy policy to find out what specific data is collected and how it is used.

Pinterest: https://about.pinterest.com/de/privacy-policy 

d. Recipients

• Employees of the company
• Pinterest
   

e. Retention period

Once the purpose to use Pinterest for us no longer exists, any data collected in this context will be erased.

f. Legal / contractual requirements

The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

The processing of your data outside the European Union (EU) or the European Economic Area (EEA) cannot be ruled out 

h. Right to object

If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, as per Art. 21 of the GDPR, you have the right to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or the objection is against direct advertising. If you would like to exercise your right to object, an email to the contact address above is enough.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

XVI. Facebook Page

GOLDSTEIG Käsereien Bayerwald GmbH has a profile on Facebook, also known as a Facebook Page. The following supplementary information on data processing applies to visiting our Page. General information on data protection at Facebook is available here (https://www.facebook.com/about/privacy/)).

1. Joint controllership; contact details; company data protection officer:

As per Art. 26 of the GDPR we are jointly responsible for operating our Facebook Page with Facebook. To this end, we concluded an agreement with Facebook to determine the duties regarding data protection for each party. This agreement can be viewed here(https://www.facebook.com/legal/terms/page_controller_addendum). According to this agreement, Facebook is primarily responsible for providing data subjects with information about joint processing activities and enabling them to exercise their data protection rights. Regardless, we hereby provide you with information about your visit to our Page.

Our contact details are:

GOLDSTEIG Käsereien Bayerwald GmbH

Siechen 11, 93413 Cham, Germany

info@goldsteig.de

You can contact Facebook at:

Meta Platforms Ireland Ltd.

4 Grand Canal Square,

Grand Canal Harbour,

Dublin 2, Ireland

You can contact Facebook online here (https://www.facebook.com/legal/terms?ref=pf)

You can contact our company’s data protection officer at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH 

Alexander Bugl

Eifelstraße 55

93057 Regensburg

Email: kontakt@buglundkollegen.de

You can contact Facebook’s data protection officer at https://www.facebook.com/help/contact/540977946302970.

2. Collection and storage of personal data and their type, purpose and use:

a) Data collected by Facebook:

If you are a Facebook user, Facebook collects the data described in Facebook’s privacy policy under “What information do we collect?”. If you are not a Facebook user, cookies (small text files) with identifiers may still be stored in your browser, thus making it possible to track your user behaviour.

In most cases, user data collected when visiting Facebook is also processed by Facebook for market research and advertising purposes. Based on the user behaviour (also when visiting our Page), Facebook creates complex user profiles which it can use to display personalised ads on Facebook and other websites. You can find more information about this in Facebook’s privacy policy.

If you do not agree with this, you can click here to object (opt out).

b) Data used by us (“Page Insights”) and legal basis:

Facebook provides us with statistics and usage data that we can use to analyse the use of our Page ( “Page Insights”). This allows us to continuously improve our Facebook Page. As the operator, we do not make any decisions regarding the processing of Insights data or any other information from Art. 13 of the GDPR, such as the storage period of cookies on users’ devices. As per the GDPR, the primary responsibility for the processing of Insights data is with Facebook, and Facebook fulfils all the obligations of the GDPR with regard to the processing of Insights data.

As the page administrator, we have no other way to evaluate the user behaviour on our Page; we are also unable to do this via user tracking. It is inherently impossible for us to identify visitors to our Page using the Page Insights. In particular, in accordance with the agreement, we have no right to ask Facebook to disclose individual visitor data. Identification is possible only if we can assign individual profile pictures to Page “Likes”, but exclusively in the cases in which the respective visitor clicked on the “Like” button on our Page and the “Like” information is set to “public”. 

You can find out which information Facebook uses to generate Page Insights here.

The operation of the Facebook Page and the use of the Page Insights serve our legitimate interest in an effective external representation and efficient communication with our customers and prospective customers. This interest justifies the operation of the Page, both vis-à-vis the legitimate interests of Facebook users and vis-à-vis visitors to our Page who do not have a Facebook account. Accordingly, the legal foundation for this is point (f) of Art. 6(1) of the GDPR.

3. Passing data on to third parties:

Data collected by Facebook is exchanged and processed within the entire Facebook group. Instagram, WhatsApp and Oculus are also part of the Facebook group. For example, information collected by Facebook is used to display personalised advertisements on Instagram to users, while information from WhatsApp is used to take action against accounts on Facebook that send spam via WhatsApp. This information is available in the Facebook privacy policy in the section titled “How do the Facebook companies work together?”. 

With data processing by Facebook, it may be the case that user data is transferred outside of the European Economic Area (EEA), particularly to the USA.

4. Right to object:

If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. In the latter case, you have a general right to object which we will implement; in this case, you do not need to refer to any particular situation. If you would like to exercise your right to object, you can simply send us an email to info@goldsteig.de or use our contact form.

5. Rights of data subjects:

You have the right to withdraw your consent to us at any time. This will have the result that we will no longer be allowed to continue any data processing that was based on this consent in the future. You also have the right of access as per Art. 15 of the GDPR, the right of rectification as per Art. 16 of the GDPR, the right to erasure as per Art. 17 of the GDPR, the right to restriction of processing as per Art. 18 of the GDPR and the right to data portability as per Art. 20 of the GDPR. Furthermore, you also have the right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)

In principle, you may assert your rights as a data subject against both Facebook and us. As only Facebook has direct access to your user data, it is most effective if you assert your rights as a data subject against Facebook.