Data privacy policy
I. Introduction
We’re delighted that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. We would like to use this Privacy Policy to inform you about the extent to which data is collected when you use our website, and the purposes for which we use this data. We would also like to provide you with information on your rights in this regard.
II. General information
In accordance with Art. 13 of the GDPR, you’ll find information about the collection of personal data when using our website below. Personal data means all data related to you personally, e.g. name, address, email addresses, user behaviour.
The controller as per Art. 4(7) of the EU’s General Data Protection Regulation (GDPR) is
GOLDSTEIG Käsereien Bayerwald GmbH Siechen 11 93413 Cham Germany
https://www.goldsteig.de/impressum.
You can contact our data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH, Alexander Bugl, Eifelstraße 55, 93057 Regensburg, Email: kontakt@buglundkollegen.de
III. Visiting our website
a. Type and purpose of processing
When you access our website, i.e. if you do not register or otherwise transmit information, information of a general nature will be collected. This information (server log files) will include the browser type, the operating system used, the domain name of your Internet service provider, your IP address and the like. This is exclusively information that does not allow conclusions to be drawn about your person. Your data will be processed for the following purposes in particular:
- ensuring a connection to the website can be established without any problems,
- ensuring the smooth use of our website,
- evaluating system security and stability, and
- for other administrative purposes, such as loading fonts that are stored on our own servers.
We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in order to optimise our website and the technology behind it. Under certain circumstances, we may also use another service provider in order to be able to present the Privacy Policy. This process involves the use of an embedding code through which your IP address is transmitted to said service provider.
We process your data on the basis of our legitimate interest for a limited time in order to derive personal data in the event of unauthorised access or attempted access to local servers and to be able to properly present the Privacy Policy.
b. Legal basis of processing
Your data is processed in accordance with point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
c. Data categories
IP address, time stamp, browser used, etc.
d. Recipients
The recipients of the data are internal employees of Goldsteig and, where applicable, data processors, who process data for the operation and maintenance of our website.
e. Retention period
The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. For the data used to provide the website, this is generally when the respective session has ended.
f. Legal/contractual requirements
You are not legally or contractually required to provide the aforementioned personal data. However, without the IP address, it is not guaranteed that our website will work. In addition, individual services may be unavailable or limited.
g. Transfer to third countries
Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).
h. Option to object
You have the right to object to the processing of your personal data at any time. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
IV. Use of cookies
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which the entity that sets the cookie (in this case us) receives certain information. They serve to make our website more user friendly and effective.
We use two different categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted, and (b) optional cookies for the purpose of website analysis and marketing.
The use of optional cookies is based on your consent (point (a) of Art. 6(1) of the GDPR).
We describe the optional cookies used on our website in detail in our cookie banner.
V. Hosting
The hosting services we use (services for operating and providing the website) are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, email distribution, security services as well as technical maintenance services that we use for the purpose of operating this website.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our website on the basis of our legitimate interest in the efficient and safe provision of this website as per point (f) of Art. 6(1) of the GDPR in conjunction with Art. 28 of the GDPR (conclusion of order processing contract).
VI. Contact
a. Type and purpose of processing
The data you entered in the contact form is saved and stored for the purpose of individual communication with you. It is necessary to enter a valid email address and your name for this. This is for the assignment of your query and the subsequent response to the same. Entering additional data is optional. If you contact us by email, the data you have shared (email address, if applicable your name and telephone number, etc.) will also be processed for the purpose of individual communication.
b. Legal basis of processing
The data provided is processed on the basis of a legitimate interest (point (f) of Art. 6(1) of the GDPR). By providing the contact form and our email address, we want to make it easy for you to get in touch with us. The information you provide will be stored for the purpose of processing your query and for any possible follow-up questions. If you get in touch with us to ask for a quote, the data entered will be processed to carry out pre-contractual measures (point (b) of Art. 6(1) of the GDPR).
c. Data categories
Forename and surname, contact details, address details
d. Recipients
The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers.
e. Retention period
Data is erased no later than 6 months after your query has been processed. If a contractual relationship is established as a result, we will be subject to the statutory retention periods as per the German Commercial Code (HGB) and will erase your data upon expiry of this period.
f. Legal/contractual requirements
The provision of your personal data is voluntary. However, we can only process your query if you disclose your name, your email address and the reason for your query.
g. Transfer to third countries
Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).
h. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
VII. Registering on our website
a. Type and purpose of processing
When registering to use our personalised services, some personal data is collected, such as your name, address, contact details and communication information (e.g. phone number and email address). If you are registered with us, you can access content and services that we only provide to registered users. Registered users also have the option of changing or erasing the data provided during registration at any time if they wish to do so. In addition, we will provide you with access to information about the personal data we have stored about you at any time.
b. Legal basis of processing
The data provided during registration is processed on the basis of the user’s consent (point (a) pf Art. 6(1) of the GDPR).
c. Data categories
Forename and surname, contact details, address details
d. Recipients
The recipients of the data are internal employees of Goldsteig and, where applicable, data processors such as IT service providers, who process data for the operation and maintenance of our website.
e. Retention period
Data is only processed in this context so long as the corresponding consent remains valid. The data will be erased afterwards so long as no statutory storage obligations oppose this. To contact us about this, please use the contact details given at the start of this Privacy Policy.
f. Legal/contractual requirements
The provision of your personal data is voluntary, and is based solely on your consent. We cannot grant you access to the content or services we offer unless you provide your personal details.
g. Transfer to third countries
Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).
h. Withdrawal of consent
You can withdraw your consent to the storage of your personal data at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
VIII. Subscribing to our newsletter
a. Type and purpose of processing
Your data will only be used to email you the newsletter to which you have subscribed. We ask you to provide your name so that we can address you personally in the newsletter and, if necessary, to identify you if you want to exercise your rights as a data subject. Providing your e-mail address is sufficient for you to receive the newsletter. When subscribing to our newsletter, the data provided by you is only used for this purpose. Subscribers can also be informed via e-mail about circumstances that are relevant to the service or the subscription (such as changes to the newsletter offer or technical conditions). We need a valid email address for effective registration. In order to check that the registration was actually made by the owner of an email address, we use the “double opt-in” procedure. For this purpose, we log the request to subscribe to the newsletter, the sending of a confirmation email and the receipt of the requested response. No other data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.
In addition, our sent newsletters enable us to analyse the behaviour of newsletter recipients. The things we can analyse include how many recipients opened the newsletter email, which links are clicked on and how often, and how many unsubscriptions the newsletter resulted in. All these are aggregated data. It is not possible for us to draw any direct conclusions about you as a person.
If you have purchased goods and/or services from us, we are entitled to send you information about similar goods and services using the email address you gave us at the time of purchase (Section 7 III of the Act against Unfair Competition – UWG). You can object to the use of your email address at any time, either as a whole or for individual measures, e.g. by email, post or via the unsubscribe link in our newsletter.
b. Legal basis of processing
We will regularly send our newsletter or similar information by email to the email address you provided on the basis of your express consent (point (a) of Art. 6(1) of the GDPR) or on the basis of our legitimate interest (point (f) of Art. 6(1) of the GDPR) in conjunction with the requirements of Section 7 III of the UWG.
c. Data categories
Email address, forename and surname, maybe IP address, etc.
d. Recipients
The recipients of the data are internal employees in the Marketing and Sales department and IT service providers for sending the newsletter within the scope of commissioned data processing as per Art. 28 of the GDPR.
e. Retention period
Your data is only processed in this context so long as the corresponding consent remains valid or until you object to the processing. The data will then be erased.
f. Transfer to third countries
Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).
g. Withdrawal of consent / objecting to processing
You can withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future. There is a link for this in every newsletter. You can also unsubscribe directly on this website or inform us that you are withdrawing your consent using the contact details provided at the start of this Privacy Policy.
h. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
IX. Information requirements in the application procedure
a. Type and purpose of processing
We process applicant data only for the purpose of and within the framework of an application procedure in accordance with legal requirements. The applicant data is processed to fulfil our (pre-)contractual obligations within the scope of the application procedure, insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures.
The application procedure requires applicants to provide us with application data. The required applicant data is marked if we offer an online form, otherwise will come from the job description and generally include personal details, postal and contact addresses and the documents associated with the application, such as a cover letter, curriculum vitae and references. Applicants can also voluntarily provide us with additional information. By submitting an application to us, applicants consent to the processing of their data for the purposes of the application procedure in the manner and to the extent set forth in this Privacy Policy. If provided, applicants can submit their applications using an online form on our website. The data is encrypted in a state-of-the-art manner and sent to us. Applicants can also send an e-mail to bewerbungen@goldsteig.de to submit an application. However, please note that e-mails are generally not sent in an encrypted form and that applicants themselves shall provide for such encryption. Therefore, we accept no responsibility for transmission of applications from the sender to our server and recommend using an online form or to send the application by letter. The data provided by applicants may be processed further by us for employment purposes in the event of a successful application.
b. Legal basis of processing
Your data is primarily processed for the purposes of establishing an employment relationship as per Art. 88(1) of the GDPR in conjunction with Section 26(1) German Data Protection Act – BDSG.
c. Data categories
Your master data (i.e. forename, surname, name affixes, date of birth), work permit / residence permit if applicable, contact details (e.g. personal address, (mobile) phone number, email address), details on skills (e.g. special knowledge and skills) if relevant to the advertised position: medical suitability and other details will be taken from application documents.
If special categories of personal data within the meaning of Art. 9(1) of the GDPR are voluntarily provided, they will also be processed in accordance with point (b) of Art. 9(2) of the GDPR (e.g. health-related data such as severe disability or ethnic origin).
d. Recipients
The recipients of the data are internal employees of Goldsteig (e.g. department, works council, severely handicapped employee representative)
e. Retention period
Subject to reasonable withdrawal by the applicants, the data will be erased once 6 months have passed so that we can respond to any follow-up questions and to allow us to satisfy our obligation to provide proof as per the Act on Equal Treatment. Invoices for any travel expenses reimbursed shall be archived in accordance with tax law requirements.
f. Legal / contractual requirements
The provision of your personal data beyond the retention period (e.g. in order to be included in our applicant pool) is voluntary, and is based solely on your consent. You may withdraw this consent to the storage of your personal data at any time with effect for the future.
g. Transfer to third countries
Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).
h. Withdrawal of consent
If an application to fill an open vacancy is unsuccessful, the applicant’s data will be erased. An applicant’s data will also be erased if they withdraw their application, which the applicant is entitled to do at any time. You can withdraw your consent to the storage of your personal data beyond the retention period at any time with effect for the future. You can notify us of the withdrawal of your consent at any time using the contact details provided at the beginning of this Privacy Policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
X. Your rights
If your personal data is processed as a user, you are deemed to be a data subject as per the GDPR. Data subjects have the following rights vis-à-vis the controller:
- Right of access (Art. 15 of the GDPR)
- Right to rectification or erasure of personal data (Art. 16, 17 of the GDPR)
- Right to restriction of processing (Art. 18 of the GDPR)
- Right to notification regarding the rectification or erasure of your personal data or the restriction of processing (Art. 19 of the GDPR)
- Right to data portability (Art. 20 of the GDPR)
- Right to object (Art. 21 of the GDPR)
- Right to withdraw any declarations of consent given. The lawfulness of the data processing carried out based on consent valid until that point shall not be affected by its withdrawal. (Art. 7(3) of the GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)
Contact details for the supervisory authorities of individual German federal states
XI. Whistleblower message
This information is relevant for whistleblowers who have not opted for anonymous reporting and for those named in the message.
a. Type and purpose of processing
Some personal data may be collected during the whistleblower message and the case login. If the reporting person has opted to send their report in anonymous form, their personal data will be used to handle the case. Likewise, personal data of a data subject contained in the whistleblower report may be processed and used to clarify and process the facts of the case. If the whistleblower has made a report, they can log in via the case login with case number and password.
b. Legal basis
The provision of the portal and the processing of the case is based on a legal obligation (point (c) of Art. 6(1) of the GDPR).
c. Data categories
Whistleblower: Email address, telephone number, forename, surname, your message, any other data that whistleblower sends us unsolicited
Data subjects: The information may vary depending on the whistleblower message. As a rule, at least the name.
d. Source of data
whistleblower
e. Recipient
The recipient of the data is the whistleblower external ombudsperson and BKP Compliant GmbH (https://www.whistleblowing-compliant.eu/) and Proof Point development GmbH (https://www.conida.com) as the processor
f. Retention period
In this context, data will only be processed as long as the corresponding purpose exists. The data will be erased afterwards so long as no statutory storage obligations oppose this.
g. Legal/contractual requirements
The provision of the whistleblower's personal data is voluntary.
h. Transfer to third countries
Your data is not processed outside of the European Union (EU) or the European Economic Area (EEA).
i. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
XII. Use of Google Maps
a. Type and purpose of processing
We also use the service Google Maps on this website. Google Maps is operated by Google Cloud EMEA Ltd. This allows us to show you interactive maps on our website and enables you to use the convenient map function. More information on how Google processes data can be found in Google’s Privacy Policy. You can also amend your personal privacy settings in the privacy centre. When you visit the website, Google receives information that you accessed the corresponding subpage on our website. This happens regardless of whether Google has provided a user account via which you are logged in, or whether no such user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not want this data to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or designing their website to meet demand. Such an evaluation takes place in particular (even for users who are not logged in) to provide personalised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile; you must contact Google to exercise this right.
b. Legal basis of processing
The legal basis for the integration of Google Maps and the associated transfer of data to Google is your consent (Art. 6(1)(a) GDPR).
c. Data categories
IP address, time stamp, browser used, etc.
d. Recipients
The recipients of the data are internal employees of Goldsteig and Google as data processors.
e. Retention period
Data is only processed in this context so long as the corresponding consent remains valid. The data will be erased afterwards so long as no statutory storage obligations oppose this. To contact us about this, please use the contact details given at the start of this Privacy Policy.
f. Legal/contractual requirements
The provision of your personal data is voluntary, and is based solely on your consent. If you prevent access, this may result in website features being restricted.
g. Transfer to third countries
It cannot be ruled out that your data is also processed outside of the European Union (EU) or the European Economic Area (EEA).
h. Withdrawal of consent
If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. However, in this case you will only be able to use our website to a limited extent if at all. You can withdraw your consent to the storage of your personal data at any time with effect for the future.
i. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
XIII. Facebook, YouTube and Instagram profiles
We maintain profiles on social networks to inform the users active there about our services and to communicate directly via the platforms if they are interested. We currently have presences on the below networks:
https://www.facebook.com/GoldsteigKaesespezialitaeten
https://www.youtube.com/user/GoldsteigKaesereien
https://www.instagram.com/goldsteig kaesespezialitaeten/
Visitors to our website can only access our social media channels via external links. We do not use plug-ins or other interfaces that are offered by the respective networks to embed their service on websites.
We have no influence on the data collected or on how they are processed by the social networks. We do not know the extent to which data is stored, where it is stored or for how long it is stored, the extent to which the networks meet existing erasure obligations, which manners of analyses are carried out and which links are established with the data, and to whom the data are passed on. We are therefore drawing attention to the fact that user data (e.g. personal information, IP address) is stored by the network operators in accordance with their respective data usage policies and is used for commercial purposes.
We process the data of social media users insofar as they contact and communicate with us via comments or direct messages.
The legal foundation for processing user data is points (b) and (f) of Art. 6(1) of the GDPR.
- Facebook/Instagram
- YouTube
You can access the social media network Facebook by clicking on external links on our website. All the social media network’s features are provided by Meta Platforms Ireland Ltd. Facebook channels are accessible only via an external link. If you are logged on to Facebook by using your own profile and access our social media channel, Facebook will be able to assign your visit to your profile. If you do not want your user account to be assigned to your IP address, please log out of your Facebook account before using our website. For more information on the processing of your data, we would like to refer you to Facebook’s Privacy Policy: https://facebook.com/privacy/explanation and to our Facebook fan page data policy, which can be found below.
Our online offer includes no functions or contents of YouTube, a service offered by Google Ireland Limited. The YouTube channels can only be accessed via an external link. If website visitors are members of the YouTube platform, YouTube can assign their access to the social media channel to the users’ profiles if they visit our YouTube profile while being logged on. We would like to point out that we have no influence on the content or scope of usage of the data collected by YouTube. For more information on this, we would like to refer you to YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=de. We would also like to point out that you can make changes to your YouTube account to protect your privacy.
XIV. TikTok profile
a. Type and purpose of processing
We are delighted that you are interested in our presence on TikTok. We would like to give you an overview of the data we collect, use and store there.
Social networks can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media profile on TikTok, numerous privacy-related processing procedures are triggered. Specifically:
If you are logged into your TikTok account and visit our social media profile, TikTok can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have a TikTok account. In this case, the data would be collected via cookies stored on your device or by recording your IP address. By using data collected in this way, TikTok can create user profiles in which your preferences and interests are recorded. This means you can be shown adverts related to your interests both inside and outside TikTok. If you have an account on TikTok, these adverts related to your interests may be shown on all devices on which you are or were logged in. Please also note that we cannot track all processing procedures performed by TikTok. It is possible, therefore, that other processing procedures are performed by TikTok. You can find details about this in TikTok’s Terms of Service and Privacy Policy.
b. Legal basis of processing
Your data is processed in accordance with point (f) of Art. 6(1) of the GDPR on the basis of our legitimate interest in being able to contact our customers. The analysis processes initiated by TikTok may be based on different legal grounds, which must be stated by TikTok (e.g. consent as defined by point (a) of Art. 6(1) of the GDPR).
c. Data categories
Please refer to the TikTok privacy policy regarding which data is collected and how it is used:
TikTok: https://www.tiktok.com/legal/privacy-policy?lang=de
d. Recipient
- Employees of the company
- TikTok
e. Retention period
Once the purpose for which it was collected has ceased to exist and once we have finished using TikTok, the data collected in this context will be erased.
f. Legal/contractual requirements
The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.
g. Transfer to third countries
Your data is also processed by TikTok outside of the European Union (EU) or the European Economic Area (EEA).
h. Withdrawal of consent
If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. If you would like to exercise your right to object, an email to the contact address above is enough.
i. Automated decision-making and profiling
As a responsible company, our data processing does not include automated decision-making or profiling.
XV. Pinterest online presence
a. Processing nature and purpose
We are pleased that you are interested in our PINTEREST presence. We would like to give you an overview of the data we collect, use and store there.
Social networks can usually comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). When accessing our Pinterest social media presence, numerous processing operations are triggered that are relevant to data protection. Specifically:
If you are logged into your Pinterest account and visit our social media presence, Pinterest is able to allocate this visit to your user account. However, your personal data may also be collected if you are not logged on or if you do not have a Pinterest account. In this case, the data would be collected via cookies stored on your device or by recording your IP address. By using data collected in this way, Pinterest can create user profiles in which your preferences and interests are recorded. This means you can be shown adverts related to your interests both inside and outside Pinterest. If you have a Pinterest account, interest-related advertising can be shown on all devices on which you are or were logged on. Please also note that we are not aware of all processing steps on Pinterest. Therefore, Pinterest might process such data even further. You can find details about this in Pinterest’s Terms of Service and Privacy Policy.
b. Legal basis of processing
Processing is based on our legitimate interest in contacting our customers pursuant to point (f) of Art. 6(1) of the GDPR. The analysis processes initiated by Pinterest may be based on different legal grounds, which must be stated by Pinterest (e.g. consent as defined by point (a) of Art. 6(1) of the GDPR).
c. Data categories
Please refer to the Pinterest privacy policy regarding which data is collected and how it is used:
Pinterest: https://about.pinterest.com/de/privacy-policy
d. Recipient
- Employees of the company
- Pinterest
e. Retention period
Once the purpose to use Pinterest for us no longer exists, any data collected in this context will be erased.
f. Legal / contractual requirements
The provision of your personal data is voluntary. We cannot grant you access to the content or services we offer unless you provide your personal details.
g. Transfer to third countries
It cannot be ruled out that your data is also processed outside of the European Union (EU) or the European Economic Area (EEA)
h. Right to object
If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. If you would like to exercise your right to object, an email to the contact address above is enough.
i. Automated decision-making and profiling
As a responsible company, we do not use automatic decision-making or profiling for data processing.
XVI. Facebook Page
GOLDSTEIG Käsereien Bayerwald GmbH has a profile on Facebook, also known as a Facebook Page. The below information regarding data processing additionally apply to visiting our fan page. General information on data protection on Facebook can be found here (https://www.facebook.com/about/privacy/).
1. Joint controllership; contact details; company data protection officer:
As per Art. 26 of the GDPR we are jointly responsible for operating our Facebook Page with Facebook. To this end, we concluded an agreement with Facebook to determine the duties regarding data protection for each party. This agreement can be viewed here(https://www.facebook.com/legal/terms/page_controller_addendum). According to this agreement, Facebook is primarily responsible for providing data subjects with information about joint processing activities and enabling them to exercise their data protection rights. Regardless, we hereby provide you with information about your visit to our Page.
Our contact details are:
GOLDSTEIG Käsereien Bayerwald GmbH
Siechen 11 93413 Cham Germany
You can contact Facebook at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
You can contact Facebook online here (https://www.facebook.com/legal/terms?ref=pf)
You can contact our company’s data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Email: kontakt@buglundkollegen.de
You can contact Facebook’s data protection officer at
https://www.facebook.com/help/contact/540977946302970.
2. Collection and storage of personal data and their type, purpose and use:
a) Data recorded by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook privacy policy in the section titled “What types of information do we collect?”. If you are not a Facebook user, cookies (small text files) with identifiers may still be stored in your browser, thus making it possible to track your user behaviour.
Usually, data collected when visiting Facebook is also processed by Facebook for market research and advertising purposes. Based on the user behaviour (also when visiting our fan page), Facebook creates complex user profiles which it can use to display personalised ads on Facebook and other websites. You can find more information about this in Facebook’s Privacy Policy.
If you do not agree with this, you can click here to opt out.
b) Data used by us (“Page Insights”) and legal grounds:
Facebook provides us with statistics and usage data that we can use to analyse the use of our Page ( “Page Insights”). This allows us to continuously improve our Facebook Page. As the operator, we do not make any decisions regarding the processing of Insights data or any other information under Art. 13 of the GDPR, such as storage period of cookies on end user devices. As per the GDPR, the primary responsibility for the processing of Insights data lies with Facebook and Facebook meets all GDPR obligations with regard to the processing of Insights data.
We, as the Page administrator, have no other way – including user tracking – to evaluate user behaviour on our Page. It is inherently impossible for us to identify visitors to our Page using the Page Insights. In particular, in accordance with the agreement, we have no right to ask Facebook to disclose individual visitor data. Identification is possible only if we can assign individual profile pictures to page “likes”, but exclusively in the cases where the respective visitor clicked on the “Like” button on our fan page and “Like” information was set to “public”.
You can find which information Facebook uses to generate Page Insights here.
Facebook fan page operation and page insights usage serve our legitimate interest in effective external representation and efficient communication with our customers and prospective customers. This interest justifies the operation of the page, both vis-à-vis the legitimate interests of Facebook users and vis-à-vis visitors to our fan page who do not have a Facebook account. Accordingly, the legal foundation for this is point (f) of Art. 6(1) of the GDPR.
3. Passing data on to third parties:
Data collected by Facebook is exchanged and processed within the entire Facebook group. Instagram, WhatsApp and Oculus are also part of the Facebook group. For example, information collected by Facebook is used to display to the users personalised advertisements on Instagram and information collected by WhatsApp is used to take action on Facebook against accounts which use WhatsApp to send spam messages. This information is available in the Facebook privacy policy in the section titled “How do the Facebook companies work together?”.
When Facebook processes data, it may be the case that user data is transferred outside of the European Economic Area (EEA), particularly to the USA.
4. Right to object:
If your personal data is processed on the basis of legitimate interests as per point (f) of Art. 6(1) of the GDPR, you have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data provided that there are reasons for doing so that arise from your particular situation or that the objection is against direct advertising. In the latter case, you have a general right to object, which we will implement without any particular situation being stated. If you would like to exercise your right to object, it is sufficient to send an email to info@goldsteig.de or to use our contact form.
5. Data subject rights:
You have the right to withdraw your consent to us at any time. This will have the result that we will no longer be allowed to continue any data processing that was based on this consent in the future. You also have the right of access as per Art. 15 of the GDPR, the right of rectification as per Art. 16 of the GDPR, the right to erasure as per Art. 17 of the GDPR, the right to restriction of processing as per Art. 18 of the GDPR and the right to data portability as per Art. 20 of the GDPR. Furthermore, you also have the right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)
In principle, you may assert your rights as a data subject against both Facebook and us. Since only Facebook has direct access to your user data, it is more effective to assert your data subject rights against Facebook.