The responsible entity for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is GTS AG, Butzweilerstraße 35 -39, 50829 Cologne, Germany, info@heygold.de. The responsible entity for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

You can visit our websites without providing any personal information. Each time you call up a website, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the request.

This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our offer. According to Art. 6 para. 1 p. 1 lit. f DSGVO, this serves to protect our legitimate interests in a correct presentation of our offer, which outweigh our interests in the context of a balancing of interests. All access data is deleted no later than seven days after the end of your visit to the site.

Hosting services provided by a third-party provider

As part of processing on our behalf, a third-party provider provides hosting and website presentation services for us. This serves to protect our legitimate interests in a correct presentation of our offer, which are outweighed in the context of a balancing of interests. All data collected in the context of the use of this website or in forms provided for this purpose in the online store as described below are processed on its servers. Processing on other servers only takes place within the framework explained here.

This service provider is located within a country of the European Union or the European Economic Area.

We collect personal data when you provide it to us voluntarily in the context of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, because in these cases we need the data to process the contract, or to process your contact and you can not complete the order and / or the account opening, or send the contact without their information. Which data is collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO for contract processing and processing your requests. After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

Data collection when visiting our website

During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• Our accessed website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you came to the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

For the fulfillment of the contract pursuant to Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping company commissioned with the delivery, if this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

Data transfer to shipping service providers

If you have given us your express consent to do so during or after your order, we will pass on your e-mail address to the selected shipping service provider on the basis of this consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO, so that the shipping service provider can contact you before delivery for the purpose of delivery notification or coordination.

The consent can be revoked at any time by sending a message to the contact option described below or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

DHL Paket GmbH
Sträßchensweg 10
53113
Bonn

Email advertising with newsletter subscription

If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.

Our email newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 (1) lit. f DSGVO and serves our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.

MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Furthermore, MailChimp may use this data itself in accordance with Art. 6 (1) (f) DSGVO on the basis of its own legitimate interest in the needs-based design and optimization of the service, as well as for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

To protect your data in the USA, we have concluded a data processing agreement (“Data Processing Agreement”) with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If interested, this data processing agreement can be viewed at the following internet address: http://mailchimp.com/legal/forms/data-processing-agreement/.

MailChimp is also certified under the us-European data protection agreement “Privacy Shield” and thus undertakes to comply with the EU data protection requirements.

You can view MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy/

E-mail advertising without subscribing to the newsletter and your right to refuse

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly send you e-mail offers for similar products to those you have already purchased from our range. This serves to protect our legitimate interests in addressing our customers in an advertising manner, which are outweighed in the context of a balancing of interests.

You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

The newsletter is sent as part of a processing on our behalf by a service provider, to whom we pass on your e-mail address for this purpose.

This service provider is located in the USA and is certified under the EU-US Privacy Shield. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

Papypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b DSGVO and only insofar as this is necessary for the payment processing.

PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

In order to make the visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in an optimized presentation of our offer according to Art. 6 para. 1 p. 1 lit. f DSGVO. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser the next time you visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Safari™: https://support.apple.com/kb/ph21411?locale=de_DE

Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html

If cookies are not accepted, the functionality of our website may be limited.

Google Analytics

Where you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The use includes the operating mode “Universal Analytics”. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze the activities of a user across devices. This privacy notice is provided by www.intersoft-consulting.de.

Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended by an IP anonymization in order to ensure an anonymized collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

Processing purposes

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

Legal basis

The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 p.1 lit. a DSGVO.

Recipients / categories of recipients

The recipient of the collected data is Google.

Transfer to third countries

Personal data is transferred to the US under the EU-US Privacy Shield based on the European Commission’s adequacy decision. You can access the certificate here.

Duration of data storage

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

Data subject rights

You can revoke your consent at any time with effect for the future by preventing the storage of cookies through a corresponding setting of your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used. If you click here, the opt-out cookie will be set:

Disable Google Analytics

Source: https://www.datenschutzbeauftragter-info.de/fachbeitraege/google-analytics-datenschutzkonform-einsetzen/

Use of Facebook plugins

Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plug-in from Facebook” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found here: http://developers.facebook.com/plugins

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the “Like” button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook’s privacy policy: http://www.facebook.com/policy.php

If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. with the “Facebook Blocker” or the script blocker “NoScript” (http://noscript.net/).

Youtube video use

This website uses the Youtube embedding function to display and play videos from the provider “Youtube”, which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider “Youtube” uses cookies to collect information about user behavior. According to information from “Youtube”, these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit.f DSGVO on the basis of Google’s legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Independently of a playback of the embedded videos, a connection to the Google network “DoubleClick” is established each time this website is called up, which may trigger further data processing operations without our influence.

Google LLC, headquartered in the USA, is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

For more information on data protection at “YouTube”, please refer to the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy

As a data subject, you have the following rights:

• in accordance with Art. 15 DSGVO the right to request information about your personal data processed by us to the extent specified therein;
• in accordance with Art. 16 DSGVO the right to demand the correction of incorrect or completion of your personal data stored by us without delay;
• Pursuant to Art. 17 DSGVO, the right to request the deletion of your personal data stored by us, unless further processing is required
  • for the exercise of the right to freedom of expression and information;
  • for the fulfillment of a legal obligation;
  • for reasons of public interest; or
  • for the assertion, exercise or defense of legal claims; or
• is necessary;
• in accordance with Art. 18 DSGVO, the right to request the restriction of the processing of your personal data, insofar as
  • the accuracy of the data is disputed by you;
  • the processing is unlawful, but you object to its erasure;
  • we no longer need the data, but you require it for the assertion, exercise or defense of legal claims; or
  • you have objected to the processing in accordance with Art. 21 DSGVO;
• in accordance with Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
• the right to complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, as well as revocation of consent given or objection to a particular use of data, please contact us directly using the contact details in our imprint.

********************************************************************

Right of objection

Insofar as we process personal data as explained above in order to protect our legitimate interests that prevail in the context of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object if there are grounds arising from your particular situation.

After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

The duration of the storage of personal data is determined by the respective statutory retention period (e.g. retention periods under commercial and tax law). After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract and/or there is no legitimate interest on our part to continue storing it.