Data Privacy Statement

The protection of personal data is an important concern for us, the company Gold Engineering GmbH. In principle, it is possible to use our website without providing personal data. If a natural person contacts us, it is however possible that his/her personal data will be processed. By means of the following information, we wish to provide comprehensive information on the type, scope and purpose of the data processing carried out by us and further inform the data subjects of the rights to which they are entitled. 

The controller responsible for the data processing is: 

Gold Engineering GmbH
Kaiser-Wilhelm-Strasse 115
20355 Hamburg  

Our internal data protection officer can be contacted as follows:  

Mr. Wilhelm Bahlburg
Kaiser-Wilhelm-Strasse 115
20355 Hamburg
Tel: 040 / 41 34 96 0
Email: contact@gold-engine.com 

1. Type and source of personal data

(A) Collection of general data and information (log files) 

A range of general data and information concerning the respective user is automatically collected during use of our website. For example, the system used, the operating system used, the date and time of access, the IP address or other data and information serving the security and safeguarding of the website may be stored in so-called log files. 

(B) Contacting by email 

When we are contacted by email, the data communicated by the data subject are stored by us in order to answer the data subject’s questions. The data arising in this connection are immediately erased by us once storage is no longer necessary. 

(C) Data protection in the case of applications and application procedures 

Personal data arising from application documents sent to us are processed exclusively for the purpose of handling the application procedure. In this respect, it is irrelevant in what form the documents are sent. Processing may also take place electronically. This is particularly the case if the corresponding application documents are sent by email.  

2. Purpose of the processing of personal data

In principle, we process personal data only if this is permitted under the GDPR (General Data Protection Regulation). In this respect, the purposes of the processing ensue from Article 6 GDPR. 

(A) For the fulfilment of contractual duties or precontractual measures 

Personal data are processed in order to render services within the scope of our contractual obligations in relation to our customers and suppliers. This also includes precontractual measures taken after an enquiry has been received. 

(B) In the context of a balancing of interests 

In order to safeguard legitimate interests, we process personal data even beyond the actual performance of the contract, insofar as this is necessary. This may occur in the form of, for example, measures for analysing customer behaviour and may also include advertising, unless use of your data has been objected to. 

(C) Consent to data processing for certain purposes 

Where a natural person has granted us his/her consent to the use of his/her data for a certain purpose (e.g. sending of newsletters, sending of promotional articles), the lawfulness of the processing of this person’s data is based on this consent. Such consent may be revoked at any time.

3. Recipients of personal data

Within our company, only persons who need access to personal data in order to fulfil our contractual and statutory duties are given access to personal data. Furthermore, personal data may also be passed on to external service providers and authorised agents. In detail, these encompass IT service providers, logistics companies, banks, telecommunication companies, government agencies and tax consultants. Such service providers are so-called processors that operate only at our instruction and are contractually obliged to comply with the applicable requirements under data protection law or are additionally bound to a professional obligation to maintain a high level of security. It is explicitly pointed out that any transfer of data to countries outside of the EU (referred to in the GDPR as so-called third countries) shall take place only insofar as this is necessary for the performance of the contract, this is prescribed by law, or the data subjects have consented thereto. If service providers are used in third countries, an appropriate level of protection for the personal data shall be ensured.

4. Duration of storage of personal data

We process and store personal data only as long as necessary for the fulfilment of our contractual and statutory duties. If the personal data are no longer necessary for the fulfilment of contractual or statutory duties, we shall erase these data, unless:  

  • The personal data fall under the requirement to fulfil retention duties ensuing under commercial and fiscal law, for example under the Handelsgesetzbuch (HGB) [German Commercial Code] or the Abgabenordnung (AO) [Tax Code]. The retention periods prescribed therein may be up to 10 years. 
  • The personal data are preserved as evidence within the scope of statutory provisions concerning the statute of limitation. According to the Bürgerliches Gesetzbuch (BGB) [German Civil Code], the limitation periods may be up to 30 years. 

5. Rights of data subjects

The GDPR confers extensive rights upon data subjects. In detail, these are the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to data portability under Article 20 GDPR and the right to object under Article 21 GDPR. Moreover, the data subject has the right to lodge a complaint with the relevant data protection supervisory authority in the event of a breach of the provisions concerning data protection.
Any data subject who has granted us consent to the processing of his/her personal data may revoke this consent at any time. This also relates to consent given before the GDPR entered into effect, if applicable. Data processing that took place prior to revocation shall not be affected by this right of revocation.