With this privacy policy, we would like to provide you (i.e. as a user, interested party and/or visitor) with information on the type, scope and purposes of the processing of personal data via our online presence. The current version of the privacy policy can be accessed at https://gipfelgold.net/datenschutz and printed out if required.

I. Responsible Party
GIPFELGOLD WERBEAGENTUR GMBH
Herwarthstrasse 36
53115 Bonn
Telephone: +49 [0] 228 9 65 91 31
Email: info(at)gipfelgold.de

II. Collection/Storage of Personal Data/Type and Purpose of Use
1. Website Visit/Access
When you visit this website, information is automatically sent to the server where our website is hosted through the browser (i.e., the respective internet browser) on your device (e.g., computer, tablet, smartphone, etc.). This information is temporarily stored in a so-called log file.
The following information is collected:
• IP address of the requesting computer (pseudonymised)
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Browser used and, where applicable, the operating system of your computer, as well as the name of your access provider.
This information is collected automatically without your involvement and stored until it is deleted automatically. The data mentioned is processed by us to ensure a smooth connection setup and comfortable use of our website, to evaluate system security and stability, as well as for administrative purposes.
Der Datenverarbeitung liegt damit ein berechtigtes Interesse unsererseits zugrunde
(Rechtsgrundlage: Art. 6 Abs. 1 Satz 1 lit. f DSGVO), welches aus den zuvor benannten Zwecken der Datenerhebung folgt. Wir verwenden die erhobenen Daten nicht zu dem Zweck, Rückschlüsse auf Ihre Person zu erhalten.
2. Contacting us
If you contact us (e.g., via email, phone, or online contact form), your information will be processed by us to handle your inquiry and its processing. The processing is based on Art. 6 para. 1 lit. b) GDPR. Your details will be stored electronically and deleted once they are no longer required. A review of the data storage will occur at least in accordance with legal (and professional) archiving obligations.

III. Disclosure of Personal Data to Third Parties
We only disclose personal data to third parties – regardless of the other information in this privacy policy – in the following cases and for the following purposes:
You have given your consent for this, Art. 6 para. 1 sentence 1 lit. a GDPR. The disclosure is necessary for the performance or execution of a contract with you or to take pre-contractual measures at your request, Art. 6 para. 1 sentence 1 lit. b GDPR. The disclosure is necessary to protect vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d GDPR. The disclosure is required under Art. 6 para. 1 sentence 1 lit. f GDPR for the establishment, exercise, or defence of legal claims, and there is no reason to believe that you have a prevailing legitimate interest in not disclosing your data. We have a legitimate interest in the disclosure as per Art. 6 para. 1 sentence 1 lit. f GDPR. There is a legal obligation for the disclosure under Art. 6 para. 1 sentence 1 lit. c GDPR.

IV. Cookies
Cookies may be used on our website. Cookies are small files automatically created by your browser or internet access program and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not contain viruses, trojans, or malicious software. A cookie stores information that is related to the specific device you are using. By setting a cookie, we do not gain direct knowledge of your identity.
The use of cookies on this website serves, on one hand, to make your experience more enjoyable. So-called session cookies may be used to recognize that you have already visited certain pages of our website. These are automatically deleted when you leave our site.
On the other hand, we use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a certain period. If you visit our site again to use the offered services, it will be automatically recognized that you have already been with us and, for example, what inputs and settings you have made, so you don’t have to enter them again.
Furthermore, cookies may be used to statistically track the use of our website and evaluate this data for the purpose of optimizing our offerings (see the explanations under V.). These cookies enable us to automatically recognize that you have already visited our site on a return visit. These cookies are also automatically deleted after a defined period of time.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR).
Preventing cookie storage: Most browsers automatically accept cookies. However, you can configure your browser to prevent cookies from being stored on your computer, or to display a prompt before a new cookie is set. Disabling cookies completely may, however, result in some features of our website not being available to you. Information on the relevant settings can be found in the documentation of the internet access software (browser) you are using.

V. External Resources/Services
We may incorporate third-party resources and services to design, implement, and display certain content on our website (this includes, for example, program and code libraries as well as third-party content such as fonts, maps, videos, etc.).
It is technically necessary and/or intended that your IP address (which addresses access to our website) is forwarded to the server of such a provider. We strive to keep such access and the use of external resources to a minimum and avoid them whenever possible. However, this is not always proportionally feasible. The use of such resources and services represents a legitimate interest for us; specifically, in providing the relevant services and content for the need- and interest-appropriate operation of this website and delivering the desired content and information as part of our online presence (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR).

VI. Data Subject Rights
As a data subject, you have the following rights:
According to Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of the right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of such processes. According to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate or incomplete personal data stored by us. According to Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims. According to Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose its deletion, and we no longer require the data, but you need it for the establishment, exercise, or defence of legal claims, or you have objected to the processing according to Art. 21 GDPR. According to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transmission to another data controller.
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Typically, you can contact the supervisory authority of your usual place of residence, workplace, or our office (in our case, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, phone: 0211/38424-0, fax: 0211/38424-10, poststelle@ldi.nrw.de).

VII. Newsletter

Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No further data will be collected, or only on a voluntary basis. For the processing of the newsletter, we use newsletter service providers, which are described below.

Rapidmail
This website uses Rapidmail for sending newsletters. The provider is
rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany.
Rapidmail is a service that, among other things, allows for the organization and analysis of newsletter dispatch.

Legal basis
The data processing is carried out based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The lawfulness of the data processing activities carried out prior to the withdrawal remains unaffected.

Storage duration
The data you have provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, either with us or the newsletter service provider, and will be deleted from the newsletter distribution list after unsubscribing. Data stored for other purposes with us will remain unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary, to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest under Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please refer to the privacy policy of Rapidmail at: https://www.rapidmail.de/datenschutz-kundenbereich

Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

VIII. Right of Withdrawal
If you have given your consent for data processing, you can withdraw it at any time in accordance with Art. 7 para. 3 GDPR. The data processing that was based on this consent must then no longer be continued by us in the future.

IX. Right to Object
If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the case of direct marketing, you have a general right to object, which will be implemented by us without the need for you to provide a specific situation.
If you wish to exercise your data subject rights (6) and/or your right of withdrawal and/or objection (7 and 8), an email to info@gipfelgold.net is sufficient. Other contact options can be found above in point 1 of this statement.

X. Data Security
For our website, we use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser (internet access program). Typically, this is 256-bit encryption (if your browser does not support 256-bit encryption, 128-bit v3 technology will be used). You can recognize that a visit or page request is encrypted by the key or lock symbol in the status bar of your browser (further information can usually be found in the documentation of your respective browser software).
In addition, we employ possible and reasonable technical and organisational security measures to protect your data from accidental or intentional manipulation,
partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in accordance with technological developments, as far as possible and reasonable. We have a data processing agreement (Art. 28 GDPR) with our web hosting service provider.

Date of this privacy policy: 5 December 2024