Cheese specialitiesDiscover Bavaria’s fine cheese
Mozzarella
Emmental
Almdammer
Mascarpone
Ricotta
Limburger
Butter
Cheese treatsRecipes, promotions and news
Promotions & newsExperience our dairy up close: current events, company news and a variety of promotions.
Health & regionUseful tips for your health and information from the region, the Green Roof of Europe.
A passion for cheeseYou can find all kinds of fascinating, interesting and useful facts from the world of cheese here.
Recipes & inspirationExclusive recipes and serving suggestions using cheese, created by our herb chef Andreas Meier.
Discover exclusive cheese recipes
#Ourfavouriterecipes
#Mozzarellarecipes
#Mascarponerecipes
#Ricottarecipes
Our dairyNatural. Modern. Bavarian.
Region & farmersNativeness, purity and naturalness under Europe’s Green Roof – home to our 3,100 dairy farmers.
Quality & awardsPremium Bavarian products and state-of-the art production processes stand for the utmost indulgence and guaranteed quality.
Naturalness & responsibilityNo genetic engineering and “Natural direct from farmers” – with a sense of responsibility towards people and the environment.
Company, facts, figuresGOLDSTEIG at a glance: the history, figures and people behind the dairy.
Contact:
GOLDSTEIG Käsereien
Bayerwald GmbH
Siechen 11
93413 Cham
+49 (0)9971/844-0
+49 (0)9971/844-1090
Facebook
YouTube
Instagram

Data privacy policy

I. Introduction

We’re delighted that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. We would like to use this Privacy Policy to inform you about the extent to which data is collected when you use our website, and the purposes for which we use this data. We would also like to provide you with information on your rights in this regard.

II. General information

In accordance with Art. 13 of the GDPR, you’ll find information about the collection of personal data when using our website below. Personal data means all data related to you personally, e.g. name, address, email addresses, user behaviour.

The controller as per Art. 4(7) of the EU’s General Data Protection Regulation (GDPR) is
GOLDSTEIG Käsereien Bayerwald GmbH Siechen 11 93413 Cham Germany
https://www.goldsteig.de/impressum.

You can contact our data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH, Alexander Bugl, Eifelstraße 55, 93057 Regensburg, Email: kontakt@buglundkollegen.de

III. Visiting our website

a. Type and purpose of processing

When you access our website, i.e. if you do not register or otherwise transmit information, information of a general nature will be collected. This information (server log files) will include the browser type, the operating system used, the domain name of your Internet service provider, your IP address and the like. This is exclusively information that does not allow conclusions to be drawn about your person. Your data will be processed for the following purposes in particular:

ensuring a connection to the website can be established without any problems,
ensuring the smooth use of our website,
evaluating system security and stability, and
for other administrative purposes, such as loading fonts that are stored on our own servers.

We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in order to optimise our website and the technology behind it. Under certain circumstances, we may also use another service provider in order to be able to present the Privacy Policy. This process involves the use of an embedding code through which your IP address is transmitted to said service provider.

We process your data on the basis of our legitimate interest for a limited time in order to derive personal data in the event of unauthorised access or attempted access to local servers and to be able to properly present the Privacy Policy.

b. Legal basis of processing

Your data is processed in accordance with point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

c. Data categories

IP address, time stamp, browser used, etc.

d. Recipients

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors, who process data for the operation and maintenance of our website.

e. Retention period

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. For the data used to provide the website, this is generally when the respective session has ended.

f. Legal/contractual requirements

You are not legally or contractually required to provide the aforementioned personal data. However, without the IP address, it is not guaranteed that our website will work. In addition, individual services may be unavailable or limited.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Option to object

You have the right to object to the processing of your personal data at any time. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

IV. Use of cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which the entity that sets the cookie (in this case us) receives certain information. They serve to make our website more user friendly and effective.

We use two different categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted, and (b) optional cookies for the purpose of website analysis and marketing.

The use of optional cookies is based on your consent (point (a) of Art. 6(1) of the GDPR).

We describe the optional cookies used on our website in detail in our cookie banner.

V. Hosting

The hosting services we use (services for operating and providing the website) are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, email distribution, security services as well as technical maintenance services that we use for the purpose of operating this website.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our website on the basis of our legitimate interest in the efficient and safe provision of this website as per point (f) of Art. 6(1) of the GDPR in conjunction with Art. 28 of the GDPR (conclusion of order processing contract).

VI. Contact

a. Type and purpose of processing

The data you entered in the contact form is saved and stored for the purpose of individual communication with you. It is necessary to enter a valid email address and your name for this. This is for the assignment of your query and the subsequent response to the same. Entering additional data is optional. If you contact us by email, the data you have shared (email address, if applicable your name and telephone number, etc.) will also be processed for the purpose of individual communication.

b. Legal basis of processing

The data provided is processed on the basis of a legitimate interest (point (f) of Art. 6(1) of the GDPR). By providing the contact form and our email address, we want to make it easy for you to get in touch with us. The information you provide will be stored for the purpose of processing your query and for any possible follow-up questions. If you get in touch with us to ask for a quote, the data entered will be processed to carry out pre-contractual measures (point (b) of Art. 6(1) of the GDPR).

c. Data categories

Forename and surname, contact details, address details

d. Recipients

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers.

e. Retention period

Data is erased no later than 6 months after your query has been processed. If a contractual relationship is established as a result, we will be subject to the statutory retention periods as per the German Commercial Code (HGB) and will erase your data upon expiry of this period.

f. Legal/contractual requirements

The provision of your personal data is voluntary. However, we can only process your query if you disclose your name, your email address and the reason for your query.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

VII. Registering on our website

a. Type and purpose of processing

When registering to use our personalised services, some personal data is collected, such as your name, address, contact details and communication information (e.g. phone number and email address). If you are registered with us, you can access content and services that we only provide to registered users. Registered users also have the option of changing or erasing the data provided during registration at any time if they wish to do so. In addition, we will provide you with access to information about the personal data we have stored about you at any time.

b. Legal basis of processing

The data provided during registration is processed on the basis of the user’s consent (point (a) pf Art. 6(1) of the GDPR).

c. Data categories

Forename and surname, contact details, address details

d. Recipients

The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers, who process data for the operation and maintenance of our website.

e. Retention period

Data is only processed in this context so long as the corresponding consent remains valid. The data will be erased afterwards so long as no statutory storage obligations oppose this. To contact us about this, please use the contact details given at the start of this Privacy Policy.

f. Legal/contractual requirements

The provision of your personal data is voluntary, and is based solely on your consent. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

You can withdraw your consent to the storage of your personal data at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

VIII. Subscribing to our newsletter

a. Type and purpose of processing

Your data will only be used to email you the newsletter to which you have subscribed. We ask you to provide your name so that we can address you personally in the newsletter and, if necessary, to identify you if you want to exercise your rights as a data subject. Providing your email address is sufficient for you to receive the newsletter. When subscribing to our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed of circumstancesthat are relevant for the service or registration (e.g. changes to the newsletter service or technical conditions) by email. We need a valid email address for effective registration. In order to check that the registration was actually made by the owner of an email address, we use the “double opt-in” procedure. For this purpose, we log the request to subscribe to the newsletter, the sending of a confirmation email and the receipt of the requested response. No other data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.

In addition, our sent newsletters enable us to analyse the behaviour of newsletter recipients. The things we can analyse include how many recipients opened the newsletter email, which links are clicked on and how often, and how many unsubscriptions the newsletter resulted in. All these are aggregated data. It is not possible for us to draw any direct conclusions about you as a person.

If you have purchased goods and/or services from us, we are entitled to send you information about similar goods and services using the email address you gave us at the time of purchase (Section 7 III of the Act against Unfair Competition – UWG). You can object to the use of your email address at any time, either as a whole or for individual measures, e.g. by email, post or via the unsubscribe link in our newsletter.

b. Legal basis of processing

We will regularly send our newsletter or similar information by email to the email address you provided on the basis of your express consent (point (a) of Art. 6(1) of the GDPR) or on the basis of our legitimate interest (point (f) of Art. 6(1) of the GDPR) in conjunction with the requirements of Section 7 III of the UWG.

c. Data categories

Email address, forename and surname, maybe IP address, etc.

d. Recipients

The recipients of the data are internal employees in the Marketing and Sales department and IT service providers for sending the newsletter within the scope of commissioned data processing as per Art. 28 of the GDPR.

e. Retention period

Your data is only processed in this context so long as the corresponding consent remains valid or until you object to the processing. The data will then be erased.

f. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

g. Withdrawal of consent / objecting to processing

You can withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. There is a link for this in every newsletter. You can also unsubscribe directly on this website or inform us that you are withdrawing your consent using the contact details provided at the start of this Privacy Policy.

h. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

IX. Information requirements in the application procedure

a. Type and purpose of processing

We process applicant data only for the purpose of and within the framework of an application procedure in accordance with legal requirements. The applicant data is processed to fulfil our (pre-)contractual obligations within the scope of the application procedure, insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures.

The application procedure requires applicants to provide us with application data. The required applicant data is marked if we offer an online form, otherwise will come from the job description and generally include personal details, postal and contact addresses and the documents associated with the application, such as a cover letter, curriculum vitae and references. Applicants can also voluntarily provide us with additional information. By submitting an application to us, applicants consent to the processing of their data for the purposes of the application procedure in the manner and to the extent set forth in this Privacy Policy. If provided, applicants can submit their applications using an online form on our website. The data is encrypted in a state-of-the-art manner and sent to us. Applicants can also send an email to bewerbungen@goldsteig.de to submit an application. Please note, however, that emails are generally not encrypted when sent and the applicant must themselves ensure that they are encrypted. We can, therefore, accept no responsibility for the route data takes between the sender and its arrival on our server; we recommend using our online form or sending your application by post. The data provided by applicants may be processed further by us for employment purposes in the event of a successful application.

b. Legal basis of processing

Your data is primarily processed for the purposes of establishing an employment relationship as per Art. 88(1) of the GDPR in conjunction with Section 26(1) German Data Protection Act – BDSG.

c. Data categories

Your master data (i.e. forename, surname, name affixes, date of birth), work permit / residence permit if applicable, contact details (e.g. personal address, (mobile) phone number, email address), details on skills (e.g. special knowledge and skills) if relevant to the advertised position: medical suitability and other details will be taken from application documents.

If special categories of personal data within the meaning of Art. 9(1) of the GDPR are voluntarily provided, they will also be processed in accordance with point (b) of Art. 9(2) of the GDPR (e.g. health-related data such as severe disability or ethnic origin).

d. Recipients

The recipients of the data are internal employees of Goldsteig (e.g. department, works council, severely handicapped employee representative)

e. Retention period

Subject to reasonable withdrawal by the applicants, the data will be erased once 6 months have passed so that we can respond to any follow-up questions and to allow us to satisfy our obligation to provide proof as per the Act on Equal Treatment. Invoices for any travel expenses reimbursed shall be archived in accordance with tax law requirements.

f. Legal/contractual requirements

The provision of your personal data beyond the retention period (e.g. in order to be included in our applicant pool) is voluntary, and is based solely on your consent. You can withdraw your consent to the storage of your personal data at any time with effect for the future.

g. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If an application to fill an open vacancy is unsuccessful, the applicant’s data will be erased. An applicant’s data will also be erased if they withdraw their application, which the applicant is entitled to do at any time. You can withdraw your consent to the storage of your personal data beyond the retention period at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

X. Your rights

If your personal data is processed as a user, you are deemed to be a data subject as per the GDPR. Data subjects have the following rights vis-à-vis the controller:

Right of access (Art. 15 of the GDPR)
Right to rectification or erasure of personal data (Art. 16, 17 of the GDPR)
Right to restriction of processing (Art. 18 of the GDPR)
Right to notification regarding the rectification or erasure of your personal data or the restriction of processing (Art. 19 of the GDPR)
Right to data portability (Art. 20 of the GDPR)
Right to object (Art. 21 of the GDPR)
Right to withdraw any declarations of consent given. The lawfulness of the data processing carried out based on consent valid until that point shall not be affected by its withdrawal. (Art. 7(3) of the GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)

Contact details for the supervisory authorities of individual German federal states

XI. Whistleblower message

This information is relevant for whistleblowers who have not opted for anonymous reporting and for those named in the message.

a. Type and purpose of processing

Some personal data may be collected during the whistleblower message and the case login. If the reporting person has opted to send their report in anonymous form, their personal data will be used to handle the case. Likewise, personal data of a data subject contained in the whistleblower report may be processed and used to clarify and process the facts of the case. If the whistleblower has made a report, they can log in via the case login with case number and password.

b. Legal basis

The provision of the portal and the processing of the case is based on a legal obligation (point (c) of Art. 6(1) of the GDPR).

c. Data categories

Whistleblower: Email address, telephone number, forename, surname, your message, any other data that whistleblower sends us unsolicited

Data subjects: The information may vary depending on the whistleblower message. As a rule, at least the name.

d. Source of data

whistleblower

e. Recipients

The recipient of the data is the whistleblower external ombudsperson and BKP Compliant GmbH as the processor

f. Retention period

In this context, data will only be processed as long as the corresponding purpose exists. The data will be erased afterwards so long as no statutory storage obligations oppose this.

g. Legal/contractual requirements

The provision of the whistleblower's personal data is voluntary.

h. Transfer to third countries

Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

XII. Use of Google Maps

a. Type and purpose of processing

We also use the service Google Maps on this website. Google Maps is operated by Google Cloud EMEA Ltd. This allows us to show you interactive maps on our website and enables you to use the convenient map function. More information on how Google processes data can be found in Google’s Privacy Policy. You can also amend your personal privacy settings in the privacy centre. When you visit the website, Google receives information that you accessed the corresponding subpage on our website. This happens regardless of whether Google has provided a user account via which you are logged in, or whether no such user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not want this data to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or designing their website to meet demand. Such an evaluation takes place in particular (even for users who are not logged in) to provide personalised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile; you must contact Google to exercise this right.

b. Legal basis of processing

The legal basis for the integration of Google Maps and the associated transfer of data to Google is your consent (point (a) of Art. 6(1) of the GDPR).

c. Data categories

IP address, time stamp, browser used, etc.

d. Recipients

The recipients of the data are internal employees of Goldsteig and Google as data processors.

e. Retention period

f. Legal/contractual requirements

The provision of your personal data is voluntary, and is based solely on your consent. If you prevent access, this may result in website features being restricted.

g. Transfer to third countries

It cannot be ruled out that your data is also processed outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. However, in this case you will only be able to use our website to a limited extent if at all. You can withdraw your consent to the storage of your personal data at any time with effect for the future.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling in this data processing.

XIII. Facebook, YouTube and Instagram profiles

We maintain profiles on social networks to inform the users active there about our services and to communicate directly via the platforms if they are interested. We are currently on the following networks:

https://www.facebook.com/GoldsteigKaesespezialitaeten

https://www.youtube.com/user/GoldsteigKaesereien

https://www.instagram.com/goldsteig kaesespezialitaeten/

Visitors to our website can only access our social media channels via external links. We do not use plug-ins or other interfaces that are offered by the respective networks to embed their service on websites.

We have no influence on the data collected or on how they are processed by the social networks. We do not know the extent to which data is stored, where it is stored or for how long it is stored, the extent to which the networks meet existing erasure obligations, which manners of analyses are carried out and which links are established with the data, and to whom the data are passed on. We are therefore drawing attention to the fact that user data (e.g. personal information, IP address) is stored by the network operators in accordance with their respective data usage policies and is used for commercial purposes.

We process the data of social media users insofar as they contact and communicate with us via comments or direct messages.

The legal foundation for processing user data is points (b) and (f) of Art. 6(1) of the GDPR.

Facebook/Instagram
YouTube

You can access the Facebook social media network via external links on our website. All the social media network’s features are provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The Facebook channels can only be accessed via an external link. If you are logged into your own Facebook profile and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not want your user account assigned to your IP address, please log out of your Facebook account before using our website.

For further information on the processing of your data, we refer you to the privacy policy of Facebook: https://facebook.com/privacy/explanation and to our data policy for the Facebook fan page, which you can find below.

No features or content from the service YouTube, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, are embedded in our website. The YouTube channels can only be accessed via an external link. If visitors to our website are members of the platform YouTube, YouTube can assign this visit to our social media channel to the user’s profile provided that they visit our YouTube profile while logged in. We would like to point out that we have no influence on the content or scope of usage of the data collected by YouTube. For more information on this, we would like to refer you to YouTube’s Privacy Policy: https://policies.google.com/privacy? hl=de. We would also like to point out that you can make changes to your YouTube account to protect your privacy.

XIV. TikTok profile

a. Type and purpose of processing

We are delighted that you are interested in our presence on TikTok. We would like to give you an overview of the data we collect, use and store there.

Social networks can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media profile on TikTok, numerous privacy-related processing procedures are triggered. Specifically: If you are logged into your TikTok account and visit our social media profile, TikTok can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have a TikTok account. In this case, the data would be collected via cookies stored on your device or by recording your IP address. By using data collected in this way, TikTok can create user profiles in which your preferences and interests are recorded. This means you can be shown adverts related to your interests both inside and outside TikTok. If you have an account on TikTok, these adverts related to your interests may be shown on all devices on which you are or were logged in. Please also note that we cannot track all processing procedures performed by TikTok. It is possible, therefore, that other processing procedures are performed by TikTok. You can find details about this in TikTok’s Terms of Service and Privacy Policy.

b. Legal basis of processing

Your data is processed in accordance with point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interest in being able to contact our customers. The analysis processes initiated by TikTok may be based on different legal grounds, which must be stated by TikTok (e.g. consent as defined by point (a) of Art. 6(1) of the GDPR).

c. Data categories

Please refer to TikTok’s Privacy Policy to find out what specific data is collected and how it is used:
TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/de

d. Recipients

Employees of the company
TikTok

e. Retention period

Once the purpose for which it was collected has ceased to exist and once we have finished using TikTok, the data collected in this context will be erased.

f. Legal/contractual requirements

The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.

g. Transfer to third countries

Your data is also processed by TikTok outside of the European Union (EU) or the European Economic Area (EEA).

h. Withdrawal of consent

If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. If you would like to exercise your right to object, an email to the contact address above is enough.

i. Automated decision-making and profiling

As a responsible company, we do not use automatic decision-making or profiling for data processing.

XV. Facebook Page

GOLDSTEIG Käsereien Bayerwald GmbH has a profile on Facebook, also known as a Facebook Page. The following supplementary information on data processing applies to visiting our Page. General information on data protection on Facebook can be found here (https://www.facebook.com/about/privacy/).

1. General responsibility, contact details, company data protection officer:

As per Art. 26 of the GDPR we are jointly responsible for operating our Facebook Page with Facebook. To this end, we have entered into an agreement with Facebook specifying who must fulfil which obligations with regard to data protection. This agreement can be viewed here(https://www.facebook.com/legal/terms/page_controller_addendum). According to the agreement, Facebook is primarily responsible for providing the data subject with information about the joint processing of their data and to make it possible for them to exercise their rights. Regardless, we hereby provide you with information about your visit to our Page.

Our contact details are:
GOLDSTEIG Käsereien Bayerwald GmbH
Siechen 11 93413 Cham Germany
info@goldsteig.de

You can contact Facebook at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
You can contact Facebook online here (https://www.facebook.com/help/contact/2061665240770586)

You can contact our company’s data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Email: kontakt@buglundkollegen.de

You can contact Facebook’s data protection officer at
https://www.facebook.com/help/contact/540977946302970.

2. Collection and storage of personal data, as well the type and purpose of its use:

a) Data recorded by Facebook:

If you are a Facebook user, Facebook collects the data described in Facebook’s Privacy Policy under “What information do we collect?”. If you are not a Facebook user, cookies (small text files) with identifiers may still be stored in your browser, thus making it possible to track your user behaviour.

Usually, data collected when visiting Facebook is also processed by Facebook for market research and advertising purposes. Complex user profiles are created based on user behaviour (even when visiting our Page); Facebook can use them to provide visitors with personalised ads, both within and outside of Facebook. You can find more information about this in Facebook’s Privacy Policy.

If you do not agree with this, you can click here to opt out.

b) Data used by us (“Page Insights”) and legal grounds:

Facebook provides us with statistics and usage data that we can use to analyse the use of our Page ( “Page Insights”). This allows us to continuously improve our Facebook Page. As the operator, we do not make any decisions regarding the processing of Insights data or any other information under Art. 13 of the GDPR, such as storage period of cookies on end user devices. As per the GDPR, the primary responsibility for the processing of Insights data lies with Facebook and Facebook meets all GDPR obligations with regard to the processing of Insights data.

We, as the Page administrator, have no other way – including user tracking – to evaluate user behaviour on our Page. It is inherently impossible for us to identify visitors to our Page using the Page Insights. In particular, in accordance with the agreement, we have no right to ask Facebook to disclose individual visitor data. Identification is possible only if we can assign individual profile pictures to page “Likes”, but exclusively in the cases where the respective visitor clicked on the “Like” button on our fan page and “Like” information is set to “public”.

You can find which information Facebook uses to generate Page Insights here.

Operating the Facebook Page and using the Page Insights serve our legitimate interest in effective external representation and efficient communication with our customers and interested parties. This interest justifies the operation of the Page, both vis-à-vis the legitimate interests of Facebook users and vis-à-vis visitors to our Page who do not have a Facebook account. Accordingly, the legal foundation for this is point (f) of Art. 6(1) of the GDPR.

3. Passing data on to third parties:

Data collected by Facebook is exchanged and processed within the entire Facebook group. Instagram, WhatsApp and Oculus are also part of the Facebook group. For example, information collected by Facebook in order to show the user personalised ads on Instagram, and information collection by WhatsApp is used to take action on Facebook against accounts that use WhatsApp to send spam. This information can be found in Facebook’s Privacy Policy under “How do the Facebook companies work together?”.

When Facebook processes data, it may be the case that user data is transferred outside of the European Economic Area (EEA), particularly to the USA.

4. Right to object:

If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. In the latter case, you have a general right to object, which we will implement without any particular situation being stated. If you would like to exercise your right to object, it is sufficient to send an email to info@goldsteig.de or to use our contact form.

5. Data subject rights:

You have the right to withdraw your consent to us at any time. This will have the result that we will no longer be allowed to continue any data processing that was based on this consent in the future. You also have the right of access as per Art. 15 of the GDPR, the right of rectification as per Art. 16 of the GDPR, the right to erasure as per Art. 17 of the GDPR, the right to restriction of processing as per Art. 18 of the GDPR and the right to data portability as per Art. 20 of the GDPR. Furthermore, you also have the right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)

In principle, you may assert your rights as a data subject against both Facebook and us. As only Facebook has direct access to your user data, it is most effective to assert your data subject rights against Facebook.