Data Privacy

(As of 05.03.2026)

The protection of your personal data is an important concern for us. We treat your
personal data confidentially and in accordance with the statutory data protection regulations, in particular Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR for short) and the Federal Data Protection Act (BDSG) as well as
this data protection declaration.

1. Controller
Goldvertise Media GmbH Beta-Straße 10H 85774 Unterföhring Germany
E-mail: info.de@goldvertise.com
Website: https://goldvertise.com
Authorized representative: Managing Director Frank Möbius
Commercial Register: HRB No. 214356
Registration court: Munich District Court
Data Protection Officer: datenschutz@goldvertise.com
If you have any questions about data protection, you can contact us at any time.

2. General information on data processing
We process personal data only to the extent that this is necessary to provide a
functional website as well as our content and services or you have consented to
this. The collection, processing and use of your data is carried out in accordance
with the requirements of the General Data Protection Regulation (GDPR) and the
Federal Data Protection Act (BDSG).
Personal data is any information relating to an identified or identifiable natural
person.

3. Provision of the website and server log files
When you visit our website, our web server automatically collects and stores
information transmitted by your browser:

  • IP address (shortened/anonymized)
  • Date and time of access
  • URL of the accessed page
  • Referrer (previously visited page)
  • Browser type and version
  • Operating System
  • Amount of data transferred
  • Notification of successful retrieval

Purpose: This data is technically necessary to display the website correctly and
to ensure stability, security and optimization.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a secure and stable
website)
Storage period: The data is automatically deleted after 7 days at the latest,
unless security-relevant retention is required.

4. Use of the Usercentrics Consent Management Platform
We use the Usercentrics Consent Management Platform (Usercentrics GmbH,
Sendlinger Straße 7, 80331 Munich) to manage the consents of our website
visitors.

Processed data:

  • Timing and status of consent
  • Browser Information, Device Information
  • Anonymized IP address
  • Preferences for the activated services

Legal basis: Art. 6 (1) (c) GDPR (legal obligation to provide evidence of consent)
and Art. 6 (1) (f) GDPR (legitimate interest in legally compliant administration)
Location: Server within the EU
Storage period: 12 months
Further information: https://usercentrics.com/de/privacy-policy/

5. Services used

5.1 Google Maps
We occasionally integrate interactive maps from the Google Maps service
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Processed data:

  • IP address
  • Location data (if location services are enabled)
  • Device Information
  • Usage behaviour

Purpose: Presentation of interactive maps and location-based information
Legal basis: Art. 6 (1) (a) GDPR (consent via consent banner)
Data transfer: Data transfer to the USA is based on the EU-U.S. Data Privacy
Framework
Revocation: You can revoke your consent at any time via the Usercentrics banner.
Further information: https://policies.google.com/privacy

5.2 Ticket system pretix
For our ticket sales via our website, we occasionally use the ticket system pretix
(pretix GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg). In order to process
the order process, the data you enter will be processed by pretix on our behalf in
accordance with Art. 28 GDPR. Pretix uses technically necessary cookies to enable
the ordering process.

Processed data:

  • Order/ticket data (order, ticket, status, etc.)
  • Buyer/participant data e.g. email, first and last name, company)
  • Payment and refund data
  • Cookies for the shopping cart/ordering process

Purpose: Sale and management of tickets
Legal basis: Art. 6 (1) (b) GDPR on the basis of the performance of the
contractand Art. 6 (1) (f) GDPR on the basis of our legitimate interest in user
friendly and efficient ticket sales as well as Art. 6 (1) (c) GDPR for the fulfilment
of statutory retention obligations
Location: Server within the EU
Storage period: Pretix stores technical data such as IP address, browser
information or other metadata only for the duration of the request and then deletes
it automatically.
Personal order data is generally only stored for as long as is necessary for the
execution of the contract (Art. 6 para. 1 lit. b GDPR). In addition, statutory
retention periods apply, especially fordocuments relevant to tax law (usually10
years).
Further information: https://pretix.eu/about/de/privacy

5.3 Newsletter dispatch after registration / “Brevo”
We use the external service provider “Brevo” (Sendinblue GmbH, Köpenicker
Straße 126, 10179 Berlin) to automatically send our newsletter to the e-mail
address you have provided. “Brevo” acts as a processor for us in accordance with
Art. 28 GDPR and uses the data exclusively for sending the newsletter. After
submitting your registration, you will receive an e-mail asking you to confirm your
registration (double-opt-in procedure). Only after this confirmation will your email
address be added to the mailing list. This procedure ensures that no one can log
in with a foreign email address.

Processed data:

  • Data entered during registration, at least the email address, first and last
    name if applicable, if specified
  • IP address
  • Date and time of registration
  • Usage data for email and tracking
  • Information on user behaviour in the newsletter

Purpose: automated dispatch of the “Goldvertise” newsletter after registration via
the website https://goldvertise.com
Legal basis: Art. 6 para. 1 lit. a GDPR by consent when subscribing to the
newsletter and Art. 6 para. 1 lit. f GDPR due to the legitimate interest in efficient
communication, analysis and optimization of our offers
Storage period: during subscription, deletion of data after unsubscribing from
the newsletter, unless statutory retention obligations must be observed
Data transmission: Processing locations are servers in Germany and France.
According to the service provider, a transfer to third countries only takes place if
this is technically necessary. Further transmission to third parties does not take
place, except within the framework of legal obligations.
Revocation: You can revoke your consent at any time for the future, e.g. via the
unsubscribe link in the newsletter. Your data will be deleted after deregistration,
provided that there are no legal retention obligations.
More information: Privacy Policy – Personal Data Protection

5.4 Application process/career page/use of Teamtailor and the “Apply via
LinkedIn” function
We offer a careers page on our website where you can apply for advertised
positions directly or via the “Apply via LinkedIn” function. All personal data that
you provide as part of the application process will be processed by our applicant
management system Teamtailor (Teamtailor AB, Östgötagatan 16, 116 25
Stockholm, Sweden). Teamtailor acts as a processor in accordance with Art. 28
GDPR and may use sub-processors. When using the “Apply via LinkedIn” function,
personal data may be transmitted to LinkedIn. LinkedIn Ireland Unlimited
Company is its own controller of data processing on its platform.

Processed data from Teamtailor:

  • All data provided during the application process (e.g. name, contact details, email, telephone number, application documents, cover letter, CV, certificates, proof of qualifications)
  • Communication data
  • Log data in the application process (e.g. receipt, status)

Data processed when using the “Apply via LinkedIn” feature:

  • Access via our website on LinkedIn
  • vacancy/position that you are targeting via LinkedIn
  • Profile data submitted for the application
  • Login or contact functions via LinkedIn

Purpose: Processing and management of the application process
Legal basis: Art. 6 (1) (b) GDPR (implementation of pre-contractual measures)
and Art. 6 (1) (a) GDPR (if optional voluntary information is requested)
Storage period: until a decision is made on your application or six months after
completion of the application process, provided that there are no statutory
retention obligations or consent to longer storage (e.g. talent pool).
Data transfer: Teamtailor: Processing and storage on servers within the European
Union or with European cloud providers, possibly use of subprocessors (according
to the current list of subcontractors in Teamtailor’s privacy policy), LinkedIn: Data
transfer to the USA is based on the EU-U.S. Data Privacy Framework
Information, correction, deletion: You can request information, correction and
deletion of your personal data at any time. Your personal data will be deleted if
one of the legal reasons (e.g. cessation of the purpose of processing) applies.
Further information: Privacy Policy | Teamtailor and LinkedIn Privacy Policy

5.5 Applicant talent pool (“Connect”) via Teamtailor
On our careers page, we offer interested parties the opportunity to register for our
talent pool via the “Register applicants with Connect” function. To use this function,
we use the “Connect” feature of the Teamtailor applicant management system.
Candidates can either enter their email address or log in via their LinkedIn profile.
Teamtailor acts as a processor in accordance with Art. 28 GDPR within the
framework of the talent pool. LinkedIn Ireland Unlimited Company is its own
controller of data processing on its platform.

Processed data when registering by email:

  • Email address
  • Details of desired roles, departments or locations
  • Optionally, further profile data provided by the candidate himself

Data processed when logging in via LinkedIn:

  • Profile information (name, contact details, professional details)
  • Location data via IP address
  • Usage behaviour

Purpose: Building relationships with potential future candidates, contacting and
notifying you of suitable future positions
Legal basis: Art. 6 (1) (a) GDPR by consent to inclusion in the talent pool, job
notifications and registration via LinkedIn, Art. 6 (1) (b) GDPR for the
implementation of pre-contractual measures regarding the initiation of an
application relationship and Art. 6 (1) (f) GDPR due to legitimate interest in
efficient personnel recruitment
Storage period: Data in the talent pool will be retained for as long as necessary
to pursue the purpose or until you withdraw your consent. After that, the data will
be deleted, unless there are any legal retention obligations.
Data transfer: Teamtailor: Processing and storage on servers within the European
Union or with European cloud providers, possibly use of subprocessors (according
to the current list of subcontractors in Teamtailor’s privacy policy), LinkedIn: Data
transfer to the USA is based on the EU-U.S. Data Privacy Framework
Rights of data subjects: You can request information, correction and deletion of
your personal data at any time. Your personal data will be deleted if one of the
legal reasons (e.g. cessation of the purpose of processing) applies.
Further information: Privacy Policy | Teamtailor and LinkedIn Privacy Policy

6. Cookies and local storage
Our website uses gfls. Cookies and similar technologies:

Technically necessary cookies:

  • Session cookies for functionality
  • Security cookies
  • Legal basis: Art. 6 para. 1 lit. f GDPR

Other cookies:

  • Only with your explicit consent
  • Legal basis: Art. 6 para. 1 lit. a GDPR

You can adjust your cookie settings at any time via the Usercentrics consent banner
or manage them in your browser settings.

7. Contacting us
You can contact us via our website by e-mail or via the LinkedIn logo embedded
on our website. LinkedIn is only called up as an external service by clicking on the
logo. LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2,
Ireland is responsible for data processing.

Processed data when contacting us by email:

  • Name
  • E-mail address
  • News content
  • Time of contact

Data processed when logging in via LinkedIn:

  • Profile information (name, contact details, professional details)
  • Location data via IP address
  • Usage behaviour

Purpose: Processing your request and communication
Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation) or Art. 6 para. 1 lit. f
GDPR (legitimate interest in processing inquiries)
Storage period: Until your request has been fully processed, then deleted after
2 years
Data transfer: if you register via LinkedIn: Data transfer to the USA is based on
the EU-U.S. Data Privacy Framework
Further information: https://www.linkedin.com/legal/privacy-policy

8. Data transfer to third countries
Some of the providers mentioned (e.g. Google) are based outside the EU. Data
will only be transmitted if:

  • Adequacy decision of the EU Commission (e.g. EU-U.S. Data Privacy Framework)
  • Suitable safeguards in accordance with Art. 46 GDPR (e.g. standard contractual clauses)
  • Your explicit consent.

9. Storage period
Personal data will be deleted as soon as:

  • the purpose of storage is no longer applicable
  • You withdraw your consent
  • you file an objection and there are no overriding legitimate reasons

Statutory retention periods (e.g. from commercial or tax law) remain
unaffected.

10. Rights of data subjects
Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): Information about processed data
  • Right to rectification (Art. 16 GDPR): Correction of incorrect data
  • Right of erasure (Art. 17 GDPR): “Right to be forgotten”
  • Right to restriction (Art. 18 GDPR): Restriction of processing
  • Data portability (Art. 20 GDPR): Receipt of your data in a structured form
  • Right to object (Art. 21 GDPR): Objection to processing
  • Revocation of consent (Art. 7 para. 3 GDPR): With effect for the future
  • Right to lodge a complaint (Art. 77 GDPR): To the supervisory authority

Competent supervisory authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
Phone: 0981 180093-0
E-mail: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

11. Data security
We use comprehensive technical and organizational measures:

  • SSL/TLS encryption for data transfer
  • Access restrictions and authorization concepts
  • Firewalls and security systems
  • Regular security updates
  • Privacy by Design

12. Automated decision-making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

13. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy in the event of technical changes or new legal requirements.