Cheese specialtiesDiscover Bavaria's cheese specialities
Mozzarella
Emmental cheese
Protinella
Mascarpone
Cheese enjoymentRecipes, events and news
Events & NewsExperience our cheese dairy up close: current events, news, social wall and a wide range of events.
Health & RegionUseful tips for your health and information from the region, the green roof of Europe.
A passion for cheeseHere you will find all sorts of amazing, interesting and useful things from our world of cheese.
Recipes & inspirationExclusive recipes, serving suggestions and tips with our delicious specialities can be found here.
Discover exclusive cheese recipes
#OurFavouriteRecipes
#Mozzarella recipes
#Mascarpone recipes
#RicottaRecipes
Our cheese dairyNatural. Modern. Bavarian.
Region & FarmersOriginality, purity and naturalness under the green roof of Europe - the home of our 2,260 dairy farmers.
Quality & AwardsBavarian premium products and state-of-the-art production processes stand for maximum enjoyment and guaranteed quality.
Naturalness & responsibilityWithout genetic engineering and "Naturally from farmers" - out of responsibility towards people and the environment.
Company, facts, figuresGOLDSTEIG at a glance: History, figures and people behind the cheese dairy.
Contact:
GOLDSTEIG Käsereien
Bayerwald GmbH
Siechen 11
93413 Cham
+49 (0)9971/844-0
+49 (0)9971/844-1090
Facebook
YouTube
Instagram

Privacy policy

Responsible Party

The party responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

GOLDSTEIG Käsereien Bayerwald GmbH
Siechen 11
93413 Cham

Link to Legal Notice: https://www.goldsteig.de/impressum

Data Protection Officer

You can reach our Data Protection Officer at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Germany

Email: kontakt@buglundkollegen.de

As a data subject, you have the following rights under the EU General Data Protection Regulation (GDPR):

Right of Access (Art. 15 GDPR)

You have the right to request information about which personal data is stored about you, for what purpose it is processed, from which recipients it was obtained or to whom it is passed on, and how long it will be stored.

Right to Rectification (Art. 16 GDPR)

You can request the immediate correction of incorrect personal data or the completion of incomplete personal data.

Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR)

Under certain conditions, you can request the deletion of your personal data, e.g., if it is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data, for example, if the accuracy of the data is contested by you or the processing is unlawful, but you request restriction instead of deletion.

Right to Data Portability (Art. 20 GDPR)

You can request that the personal data concerning you, which you have provided to us, be transmitted in a structured, commonly used, and machine-readable format – or that we transfer this data directly to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data, provided that the processing is based on the legitimate interests of our company or on a task performed in the public interest. In the event of a justified objection, we will stop the processing unless there are compelling legitimate grounds for the processing.

Withdrawal of Consent (Art. 7 GDPR)

If you have given us your consent, you can withdraw it at any time with effect for the future without giving reasons.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Hosting and Server Log Files

The hosting services we use (services for the operation and provision of the website) serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offering.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties, and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).

Contacting Us

You have the option to contact us by email, telephone, contact form, or letter, which may result in the processing of personal data. We process your data to handle and process your inquiry. We will not pass on your data to third parties without your consent.

The legal basis for the processing is our legitimate interest in the effective processing of your inquiry in accordance with Art. 6 Para. 1 lit. f GDPR.

When contacting us by email, we store your email address and the information contained in the email. In the case of the contact form, your IP address is also recorded pseudonymously in addition to the information in the contact form. In the case of contact by letter, your sender address and the content of the letter are stored. When contacting us by telephone, we collect personal data depending on the individual case.

We store your data until you ask us to delete it or the purpose of the processing (the processing of your inquiry) has been fulfilled.

Applications

If you apply for a job with us, your personal data will be processed. The legal basis for the processing is Art. 6 Para. 1 lit. b GDPR in connection with the implementation of pre-contractual measures. Should your data be required after completion of the application process for the defense of legal claims, the processing is based on our legitimate interest in the obligation to provide evidence in accordance with Art. 6 Para. 1 lit. f GDPR, for example in connection with the General Equal Treatment Act.

We process the data that you have sent us as part of your application and that we need to check your suitability for the position in question.

The purposes of the processing are the management of your application, evaluation of your suitability for the open position, and contacting you in connection with your application or with possible alternative positions.

We delete your data after six months. If you have agreed to be included in the applicant pool, we will delete it after two years. If your application leads to employment, we will store your data for the duration of your employment with us.

SAP SuccessFactors

To manage applications, we use the tool from the provider SAP Deutschland SE & Co. KG. For the data protection-compliant use of the provider, we have concluded a contract for order processing with them in accordance with Art. 28 GDPR.

Newsletter Subscription

You have the option to subscribe to our email newsletter, with which we inform you about offers from our company.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future, for example by using the "unsubscribe" link in every newsletter email or by contacting the party responsible for data processing.

When registering, we may send you a double opt-in email to verify your email address. In addition to the data entered in the registration form, we process your IP address and the time of registration.

The purpose of the data processing is exclusively to send our newsletter.

The data stored as part of the newsletter dispatch will be stored until you unsubscribe from the newsletter. Data that we have stored for other purposes remains unaffected by this.

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular information about similar goods or services to those already purchased by email, provided you have not objected to this. Data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with §7 Para. 3 UWG (German Act Against Unfair Competition).

Registration on our website (Farmers, Trade, Foodservice)

We can process personal data of our customers, suppliers, and partners for communication, planning, implementation of the contractual relationship, and marketing.

The processing of the data provided is based on a legitimate interest (Art. 6 Para. 1 lit. f GDPR) and the fulfillment of a contract (Art. 6 Para. 1 lit. b GDPR).

Contact information (full name, company, professional email address, professional telephone and fax numbers, professional address).

Other necessary information in a project or contractual relationship or information provided to us voluntarily.

Participation in Competitions

As part of our competitions, we process personal data that you provide to us via the entry form. This information is stored and used exclusively for the purpose of carrying out the competition, determining the winners, and processing the prize delivery.

The data collected may include:

First and last name
Email address
Telephone number
Date of birth
Postal address (street, house number, zip code, city)
Other information necessary for the respective competition (e.g., answers to competition questions, prize codes, etc.)

Processing is based on Art. 6 Para. 1 lit. b GDPR, as it is necessary for the implementation of the competition and the fulfillment of the associated obligations. In addition, processing is based on your voluntary consent in accordance with Art. 6 Para. 1 lit. a GDPR, which you grant by participating.

Your data will be used exclusively in connection with the respective competition. It will not be passed on to third parties. After the competition has ended, the data of all participants who were not drawn will be deleted within 30 days. We store the winners' data for the duration of the legally prescribed retention periods in order to be able to prove that the competition was carried out correctly.

You can withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out up to the time of withdrawal remains unaffected.

Duration of Storage

When using our website for purely informational purposes, we only store your personal data for the duration of your visit. After leaving the website, this data is automatically deleted. In the case of active use, e.g., to contact us, we initially store your personal data for the duration of the processing of your inquiry. In addition, we retain the data as long as this is necessary to safeguard or enforce possible legal claims. The regular limitation period is 12 to 36 months, but can be up to 30 years in individual cases. After the limitation period has expired, your data will be deleted unless there is a statutory retention obligation. Such obligations arise in particular from the Commercial Code (§§ 238, 257 Para. 4 HGB) or the Tax Code (§ 147 Para. 3, 4 AO) and are generally between two and ten years.

Categories of Recipients

As part of our business activities, we work with various external bodies. Personal data is only passed on to these recipients if this is necessary to fulfill contractual obligations, if we are legally obliged to do so (e.g., to tax authorities), if there is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR, if you have given your consent in accordance with Art. 6 Para. 1 lit. a GDPR, or if another legal basis allows the transfer of data. If we use service providers as processors, personal data is passed on exclusively on the basis of a valid contract for order processing. In the case of joint controllership, a contract for joint processing is concluded in accordance with Art. 26 GDPR.

Further information on the recipients used can be found in the course of this privacy policy or you can contact the contact options given above.

Data Transfer to Third Countries

Personal data is only transferred to countries outside the European Union (EU) or the European Economic Area (EEA) if this is necessary or permitted by law, if you have given us your express consent, or as part of order processing. If service providers are used in a third country, we oblige them by means of appropriate guarantees – usually the EU standard contractual clauses – to comply with the level of data protection applicable in the EU. Insofar as an adequacy decision by the European Commission is available, we base the data transfer on this. Further information can be obtained via the contact options given above.

Processing as part of the Business Relationship

We may process the personal data of our customers, prospective customers, suppliers, vendors, and partners for communication, planning, implementation of the contractual relationship, marketing, administrative, and security purposes.

The legal basis for the processing of the data provided is our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR and the fulfillment of a contract in accordance with Art. 6 Para. 1 lit. b GDPR.

As part of the business relationship, we process, among other things, contact information, billing information, and payment data, further necessary information in a project or contractual relationship, or information provided to us voluntarily.

Google Maps

We use the "Google Maps" service on our website to visually display geographic information and provide directions. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for the use of Google Maps is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

The data processed by Google Maps includes your IP address, location data, device information, browser details, usage data, and cookies may be set.

If you are logged into a Google account, Google Maps data can be linked to a user profile.

The purpose of the data processing is to display interactive maps and provide location-based services for users.

It cannot be ruled out that personal data will be transferred to insecure third countries (USA) in which there is a lower level of data protection than in the EU. We have concluded an order processing agreement (AVV) with Google, which ensures that personal data is only processed according to our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure data processing of EU citizens in the USA.

Further information on Google Maps' data protection regulations can be found at: https://policies.google.com/privacy#infocollect

YouTube

We use the video service "YouTube" on our website. The provider of the service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for the use of YouTube is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

Google collects and processes your IP address, browser and operating system information, and location data; in addition, actions such as viewing videos or creating playlists are processed. Cookies are also set in the process. YouTube integrates other Google services, such as Google Fonts, Google Photos, and Google Ads (formerly Doubleclick).

If you are logged into a Google account, this data can be linked to a user profile. Your user behavior is recorded and analyzed for advertising purposes.

The purpose of the data processing is the provision of video content and its integration on our website.

According to Google's privacy policy, the storage duration of the data processed by YouTube varies depending on the data type and user settings. By default, activity data (such as viewed videos, search history, etc.) for new accounts or users who have not previously set a storage duration is automatically deleted after 36 months (3 years). Users can manually set this storage duration to 3 months, 18 months, or have the data stored permanently. Detailed information can be found at: https://policies.google.com/privacy?hl=en#inforetaining

It cannot be ruled out that personal data will be transferred to insecure third countries (USA) in which there is a lower level of data protection than in the EU. Google is certified under the EU-US Data Privacy Framework, which regulates the secure data processing of EU citizens in the USA. We have concluded an order processing agreement (AVV) with Google, which ensures that personal data is only processed according to our instructions and in compliance with the GDPR.

Further information on YouTube's data protection regulations can be found at: https://policies.google.com/privacy

Information on the cookies set can be found at: https://policies.google.com/technologies/cookies

You can prevent the processing of your data by clicking this link: https://myaccount.google.com/data-and-privacy

BKP Compliant Whistleblower Portal

We use the "BKP Compliant Whistleblower Portal" service on our website to provide a secure reporting office for whistleblowers to report compliance violations. The provider is BKP Compliant GmbH ("BKP Compliant"), Heilig-Geist-Gasse 398, 84028 Landshut, Germany.

The legal basis for the use of BKP Compliant is the fulfillment of a legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR.

The data processed by the BKP Compliant Whistleblower Portal includes the information provided in whistleblower reports, contact details if provided, technical metadata such as IP address and time of transmission, and may include cookies for session management.

The purpose of the data processing is the secure and confidential receipt of information on compliance violations as well as the management and investigation of these reports.

Further information on BKP Compliant's data protection regulations can be found at: https://www.hinweisgeberschutzportal.de/datenschutz

Social Media Profiles

We maintain online profiles on the following social networks (hereinafter "Social Media") in order to communicate with customers, interested parties, and the public and to draw attention to our services:

Instagram (Meta Platforms, Inc.)

Facebook (Meta Platforms, Inc.)
X (formerly Twitter; X Corp.)
LinkedIn (LinkedIn Ireland Unlimited Company)
Xing (New Work SE)
TikTok (ByteDance)
Pinterest (Pinterest, Inc.)

For the scope and purpose of data processing, we refer to the currently applicable data protection regulations of the networks:

Instagram: (https://privacycenter.instagram.com/policy)
Facebook: (https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer)
X (Twitter): (https://x.com/de/privacy)
LinkedIn: (https://de.linkedin.com/legal/privacy-policy?)
Xing: (https://privacy.xing.com/de/datenschutzerklaerung)
TikTok: (https://www.tiktok.com/legal/page/us/privacy-policy/en)
Pinterest: (https://policy.pinterest.com/de/privacy-policy)

Processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR, as we have a legitimate interest in contemporary public relations. If consent is required, processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR.

Insofar as you transmit additional data (e.g., personal messages) to the services, your consent is usually required for this. Please note that we have no influence on the data processing by the social media providers. If you have any questions or wish to assert your data subject rights (e.g., access, deletion), please contact the respective platform operator directly.

You can subscribe to or unsubscribe from our social media profiles at any time. If you do not want social media service operators to collect data about your visit to our profiles, please use the deactivation options (e.g., logging out, ad tracker blocking) in your user account or install appropriate browser add-ons.

decareto Privacy Widget

We use the "decareto Privacy Widget" service on our website to create and manage our privacy notices. The provider is decareto GmbH, Mittelweg 144, 20148 Hamburg, Germany ("decareto"). As part of the provision of services, decareto uses the bunny.net content delivery network of the sub-processor BunnyWay d.o.o. (Slovenia) to deliver content reliably and quickly.

The legal basis for the use of the decareto Privacy Widget is the fulfillment of a legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR.

The legal basis for the use of bunny.net is decareto's legitimate interest in the error-free delivery of the privacy notices. The data processed by decareto Privacy Widget and bunny.net includes your IP address and browser information. The services do not set cookies. Data is not stored in log files.

The purpose of the data processing is the reliable provision of our privacy notices.

Further information on the data protection regulations of the decareto Privacy Widget can be found at: https://decareto.com/privacy/