Data Privacy Statement
Please note that the following content serves only informative purposes and does not claim legal responsibility. The German version applies, in case of legal issues.
On this site, you may find the data privacy statement of Edelmetalle direkt GmbH for orders and purchases through https://www.aurogold.de.
We, Edelmetalle direkt GmbH and operator of the online shop www.aurogold.de, take the protection of your personal data very serious.
The use of our websites is generally possible without giving private data. Only the IP-address must be transmitted due to technical reasons. However, should you wish to make use of certain services or offers of our Internet presence, the processing of personal data may be necessary.
We collect, process and use personal data only in compliance with the legal requirements and according to this present data privacy statement, as well as if need be, further with you expressly concluded, written terms.
Please read this Data Privacy Statement carefully. The scale, nature, purpose, use and processing of the collected data of people who come into contact with the Edelmetalle direkt GmbH via this website, shall be explained to you.
Furthermore, you as an affected person, the person whose personal data is stored, processed or forwarded, are informed of your rights through this data privacy statement.
You may find additional information about your rights in our General Terms and Conditions (GTC) in the so called “footer area” at the bottom end of our websites.
First of all a definition of what you can expect of “personalized data”, according to the Federal Data Protection Act (Bundesdatenschutzgesetzt, BDSG) and the General Data Protection Regulation (Datenschutzgrundverordnung, GDPR): particulars about personal or factual circumstances of a specified or specifiable natural person. Among these particulars are e.g. your name or contact information, such as your telephone number, address and email address.
On this website, personal data is only collected to the extent necessary and is treated and protected with the greatest care possible. Under no circumstances will the collected data be sold or submitted to third parties for any other purposes than the ones listed here, without your consent.
At the same time, we wish to point out that the online data transmission (e.g. when communicating by email) may be subject to security breaches. It is thus impossible to guarantee absolute protection for the data from access of third parties. However, we do our very best to protect your data!
I. Name and Address of the Person Responsible
According to the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the General Data Protection Regulation (Datenschutzgrundverordnung, GDPR), the person responsible for the collection, processing and using your personal data is the
Edelmetalle direkt GmbH
Poststraße 4
D-79098 Freiburg
- represented by the CEO
Bernd Höppner -
Phone: 07 61 - 120 29 82
Fax: 07 61 - 120 29 83
E-Mail: info[at]edelmetalle-direkt.com
Web: https://aurogold.de.
(hereinafter Edelmetalle direkt).
II. General Information about Data Processing
1. Scale of the processing of personalized data
In general, we only collect and use personalized data of our users to the extent of having a functional website as well as functional content and good performance. The collection and use of personalized data is only carried out after we received the agreement of the user. An exception being those cases, if it is out of factual reasons impossible to previously get the consent and the processing of the data is legally allowed.
The transmitted data enables us to carry out your purchase or sale of precious metals easily, safely and comfortably through our online shop.
2. Legal basis for the processing of personalized data
The following legal basis applies for the processing of your personalized data:
-
agreement
-
fulfillment of the contract or conditions precedentto the contract
-
legal obligation
-
to protect the legitimate interests of our company, that of a third party, however the fundamental rights and liberties of an aggrieved party, do not outweight the interests mentioned above.
3. Data deletion and storage period
The personalized data of an aggrieved party are deleted or blocked as soon as the purpose of storage is no longer applicable. The storage may be extended longer than this period should a legal retention period require so, e.g. in accordance with the fiscal code and the commercial code. The legal retention period, that we naturally comply to, is ten years.
4. Acquisition and scale of the data processing
The browser on your terminal automatically transmits specific data to our server, the server of our webspace provider respectively, each time you visit our website www.aurogold.de. This data is temporarily stored in the so-called server logfile. The following information is stored until it is automatically deleted without your any action on your part:
-
name and URL of the website,
-
retrieved file, date and time of retrieval,
-
transmitted data volume,
-
note of successful retrieval,
-
type of browser and version used,
-
operating system of the computer,
-
websites from which the user accessed our site: referred URL,
-
IP address of the computer sending the request,
-
the requesting Internet service provider (only with the Web space provider),
-
Websites that are accessed by the system of the user through our website.
Legal provisions demand and allow the temporary storage of this data and logfiles.
The temporary storage of the IP address by the system is necessary to be able to run the website successfully on the user’s computer. Thus, the IP address must be stored for the duration the website is visited. Until then, the data is stored and after the website is no longer visited, automatically deleted. Because the data is inevitable for the website to operate correctly, the user has no option to object to the processing of this data.
The processing of the data mentioned above are used for the following:
-
To ensure a smooth connection to our website
-
To ensure a comfortable use of our website
-
Analysis of system security and stability
-
To further administrative purposes.
III. Registration
You can also register on our website. We process the personalized date you provided and, again, do not give them to third parties. Storing the data enables you to log into our shop anytime with your email address and your personal password and (re-)order products.
The following data is used in the registration process:
-
IP address, as well as time and date of registration
-
Your email address
-
Your chosen password
-
Your name and first name
-
Your full address containing street, house number, postal code, city and country
-
Your telephone number
-
Optional: company
-
Optional: addition to your address.
Reason: The processing of your personalized data is inevitable for the completion of a contract or pre-contractual measures. However, it may also be carried out based on your consent.
Moreover, it is also necessary to hold the content and services on our website in readiness.
Automated deletion of your stored data after 1 year and 3 months with inactivity
If you are a registered user in our online store and have not used our shop for at least one year and three months, all personal data stored in our system is deleted, should no legal requirements say otherwise. You do not have to further concern yourself with it!
However, in this context, we ask for your understanding that you will have to re-register to our system should you have not visited our online shop for more than one year and three months.
IV. Contact form and e-mail
Do you have further questions? In that case, the Edelmetalle direkt GmbH offers a contact form or you may contact us directly via e-mail. Naturally, we require an e-mail address to know who sent the mail and to whom we shall send the answer. All other information may be given voluntarily. This information is therefore stored and processed. Furthermore, this information is used to establish contact between you, as a customer, and us. Thus, we are able to answer your questions correctly and may come back to an earlier e-mail for additional questions.
The following data is processed within establishing contact via contact form and e-mail:
-
IP address, as well as time and date of entry
-
e-mail address
-
name, first name.
When filling out the contact form, you give your consent to the processing of your data by sending the contact form. The contact form also refers to this site.
Purpose of the data input to the contact form is to establish contact with us.
Sie können zur Kontaktaufnahme auch unsere Email-Adresse nutzen. Ihre Email wird bei uns verarbeitet. Es erfolgt in diesem Zusammenhang keine Weitergabe der Daten an Dritte. Die Daten werden ausschließlich für die Verarbeitung der Konversation verwendet.
Legal basis for the data processing is a voluntary compliance in accordance with section 6, subsection 1, first sentence GDPR.
You may at any time send us a declaration of revocation disallowing further use.
Should you desire to contact us because you wish to conclude a contract, then the legal basis is the fulfillment of the contract or a condition precedent to the contract.
The data are deleted as soon as the purpose of the data processing has been fulfilled. The purpose can differ in the case of contact establishment from case to case. It is possible that a legal retention period is hindering the immediate deletion (§ 257 Com. Code).
V. Data transmission
The transmission of your IP address to the server is carried out automatically. Thus, our server receives your IP address when you visit our website. It is inevitably transmitted to third parties if you use their provided services linked to our website, e.g. You Tube videos, maps by Google Maps, specific fonds or other digital resources. This data privacy statement mentions which components of which specific third party is embedded. Therefore, you can see who the recipients of your IP address are or rather to which category of recipients your IP address is transmitted when using any embedded services provided by third parties.
We assure you that we do not transmit your personalized data in any other cases of automated transmission of IP addresses to third parties when using their embedded, provided services.
Exceptions: if we are legally required to do so (e.g. in case of a court order, to the corresponding authorities), if you previously gave your consent and we use an external service provider to fulfil specific processing parameters. Your data is on no account sold to anyone.
External service providers are mandated to e.g. deliver packages or process payments. Specific example: when we send your packages, a logistician must know where the package is supposed to be delivered to.
The contractual relationships to these service providers are handled in accordance with this data privacy statement and the regulations of the BDSG.
We transmit your personalized data to third parties only if:
-
you have specifically given your approval (according to art. 6 par. 1 first sentence let. a GDPR)
-
the transmission is necessary for the enforcement, exercise or protection of legal claims and without reason to believe that you hold a predominant interest of nonproliferation of your data that is legitimate (according to art. 6. par. 1 first sentence let. f GDPR)
-
in case we are legally required to transmit the data (according to art. 6. par. 1 first sentence let. c GDPR)
- dies gesetzlich zulässig ist und für die Abwicklung von Vertragsverhältnissen mit Ihnen erforderlich ist (gemäß Art. 6 Abs. 1 S. 1 lit. b DSGVO).
VI. Cookies
Naturally, we wish to make your visit of our website as attractive as possible. Therefore, it is necessary to have i.a. a statistical analysis which in turn requires data about the use of the specific websites. For these statistical reasons and to enable the use of specific functions (e.g. automated log ins) we use on different sites so called cookies.
Cookies are small files that can be stored by our shop on your terminal (e.g. computer, laptop, smartphone etc.) when you use our website. Some cookies, so called session cookies, are deleted when you close your browser, others remain on your terminal and enable us to recognize your browser at your next visit (persistent cookies). Cookies do not harm your terminal in any way. They do not contain any viruses, Trojans or any other malware! All cookies are deleted after the legal retention period (§ 257 Com. Code).
The data processed by cookies are important for the protection of our rightful interests as well as those of third parties (according to art. 6. par. 1 first sentence let. f GDPR).
We would like to point out that we only use cookies that are absolutely necessary for the functioning of the pages. According to the DSGVO, we do not require explicit consent from the user for these types of cookies. As long as we do not use cookies on our pages other than those that are absolutely necessary, we do not use the annoying click boxes that you know from other websites.
Most of the browsers accept cookies automatically. You can also adjust your browser in a way that you are informed about the insertion of cookies and can decide on their acceptance either individually or categorically deny cookies in some cases. However, the denial of cookies may restrict the comfortable use of our shop.
VII. Implementation of third-party services
There are also a few third-party services linked in our online shop, e.g. videos on YouTube, maps from Google Maps, links to external texts, videos and graphs. It is important for those services that the third parties of those services collect the IP-address of the user.
You need a valid IP-address for a third party to be able to send the particular contents to the browser of the particular user. Thus, the IP-address is needed for the presentation of this content.
1. Data privacy statement for application and use by YouTube
We have embedded videos that you can watch from YouTube on some of our subpages. More or less anyone can upload “his/her” videos onto the internet platform YouTube and everyone can watch those videos that were uploaded by someone else – everything for free and with the function to comment on those videos. The operator of YouTube is the YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a company subsidiary of the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
If you watch a YouTube-video at least the following information is transmitted to YouTube, according to our level of knowledge: IP-address of your terminal, cookie-ID, the specific internet address of the website visited through us, time and date of the visit (time of the system) and the type and version of the used browser.
The transmission is independent from the fact whether you have a user account from Google or not and also whether you were for the duration of watching the video logged in or not.
However, should you have a Google-account and were logged in when you visited our homepage, are YouTube and Google Inc. able to know which subpages you visited, regardless whether you watched a video or not. This information is linked with the Google- or YouTube-account, stored and a user profile is created that can be used for advertising and market researching purposes or others.
We therefore urge you to log off from your Google- or YouTube-account before you visit our Website, should you not wish for such data transmissions by Google Inc. or YouTube.
You may find further information about the use, storage, processing and transmission of personalized data by Google Inc. and YouTube in the data privacy statements: YouTube: https://www.youtube.com/intl/en/yt/about/policies/#community-guidelines. Google Inc.: https://policies.google.com/privacy?hl=en&gl=de
2. Data privacy statement for the use of Google Maps
This website uses the map service Google Maps through an API to display an interactive map and to create a route map. Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA is the provider of this map service.
By using the services of Google Maps, information about the use of our website can be transmitted to a server of Google in the US and stored there. Therefore, it is necessary for the use of Google Maps, that your IP-address is stored and transmitted to Google. They are then allowed to forward this data to third parties if it is either prescribed by law or the data is processed by a third party Google has instructed.
The Edelmetalle direkt has no influence on this kind of data transfer.
In general, it is technically possible that Google identifies the person who used the services of Google Maps by using the data transmitted to them through Google Maps. It is further possible that personalized data and personality profiles of the people using this website are used by Google for other purposes. Again, the Edelmetalle direkt has no influence on that.
You can however, deactivate the services of Google Maps by deactivating JavaScript in your Browser, if you do not wish the data transfer through Google Maps. Consequently, the data transfer to Google is disabled. Naturally, you will be no longer able to use the map service Google Maps on our website.
You may find further information about how user data is treated in the data privacy statement of Google Inc.: https://policies.google.com/privacy?hl=en&gl=de
VIII. PayPal as payment method: data protection policy
We offer PayPal as a possible payment option to settle the invoice. PayPal is a so-called payment service provider through that you can pay online. PayPal has the function of a custodian between the recipient of the payment and the sender of the payment. Furthermore, PayPal offers the payment sender so called services of customer protection. This is the address of the European operating company of PayPal: S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.
Each user of PayPal has a so-called PayPal-account which is basically a virtual business or private account. An e-mail address is linked to the PayPal-account instead of a bank account. Furthermore, payments can be conducted with credit cards that are linked with a PayPal-account.
If you choose PayPal as your payment method, you agree that the following personalized data are transmitted:
Name, first name, e-mail address, full address, your IP-address, if necessary telephone number, if necessary mobile number as well as possibly further data that are necessary to conclude the payment through PayPal. The latter also include personalized information about the value and content of each order or the concluded act of sale, respectively. PayPal can only ensure customer protection with all that information. Other purposes of this processing of personalized data by PayPal are the payment execution as well as the avoidance of fraud. Naturally, Edelmetalle direkt will only transmit data if a legitimate interest for the transmission exists.
What other things might PayPal do with the transmitted personalized data? – It is quite possible, e.g. that PayPal again transmits the received data to other companies that can give information about the economic situation of the person in question: credit agencies (e.g. Schufa Holding AG, Creditreform etc.) The purpose of this action is to test the credit-worthiness as well as the identity.
PayPal also reserves the right to transmit the received data to other linked companies, subcompanies or renderers of services with the goal to fulfil the contractual obligations.
If you condone the storage, processing and transmission of your personalized data by PayPal, you may revoke your already given agreement any time. However, this does not apply to personalized data that are inevitable for the conduction of the payment, due to legal boundaries.
You may find further information about the use, storage, processing and transmission of personalized data by PayPal in the data privacy statement of PayPal: https://www.paypal.com/ie/webapps/mpp/ua/legalhub-full?locale.x=en_US.
IX. Rights of the person / right of objection
You are a person in question according to the GDPR because your personalized data are stored, processed or transmitted. You have the following rights:
-
You can request information about what personalized data is stored, where it originated and for what reason it is stored. Furthermore, we are to inform you what data is transmitted to third parties. In that case, you are to be informed about the identity of the recipient or the categories of the recipients, all according to art. 15 GDPR.
-
Should the personalized data be false or incomplete you may demand correction or addition, according to art. 16 GDPR.
-
You may object to the processing of your personalized data for advertising purposes. In that case, your data must be blocked.
-
According to art. 18 GDPR, you have a right of limitation of processing, if you deny the correctness of your personalized data for the time that enables the responsible party to verify the correctness of the personalized data. Additionally, if the processing is unlawful and you refuse the deletion of the personalized data and demand a limitation of the use of that data or the responsible party no longer requires the personalized data for the purpose of processing but still requires them for the enforcement, exercise or protection of legal claims or if you have objected to the processing according to art. 21 par. 1 GDPR and it is not yet clear whether the reasons of the responsible party outweigh your reasons.
-
You can demand the deletion of your data. This is possible if the legal ground for data processing is either missing or has ceased to apply. The same comes into effect in case the reason for data processing has ceased to apply due to expiration or other reasons. Please note that the deletion of an existing retention period or other interests of our company, that are deemed legitimate, may be opposing to the deletion. We are happy to inform you of that should you request us to do so. If we have published your data, we are obliged to inform every recipient that you have demanded the deletion of this personalized data or every copy of them, according to art. 17 GDPR.
-
Additionally, you have a right of objection if your legitimate interests outweigh the interest of processing, due to a personal situation. However, this does not apply if we are bound by law to execute the data processing.
-
You have the right to file a complaint to a controlling authority if you believe the processing of personalized data, that concerns yourself, infringes upon data privacy regulations, regardless of how administrative law or courts have decided, according to art. 77 GDPR.
-
You have the right to demand either the transmission of personalized data concerning yourself to another responsible party or to have them handed out by the responsible party in a structured, well-established and machine-readable format, according to art. 20 GDPR.
X. Data security
Your personalized data is encrypted with SSL during the ordering process as well as when using the contact form. You can see that the encryption is active when you look at the command line and see the “https://”. If the encryption is deactivated, it merely says “http://”. With an active SSL-encryption, outsiders are unable to read the data transmission from your terminal to our server.
Edelmetalle direkt deliberately does not use the services of a so called “cloud”. These services can be found more and more often when outsourcing data to external service providers. Your customer data as well as our processing programs we use for the data stay on our own servers and local computers. The servers are located in specifically secured rooms that only we have access to. It is essential that all computers are protected against unauthorized access, according to state of the art technology. We do our best in this regard. However, we fear that it may not enough to protect against the NSA and others in that category.
The access to your user account is only possible when entering your personal password. We urge you to keep your access information confidential at all times and to close your browser as soon as we have concluded the communication, especially when you use the terminal together with others.
Additionally, concerning shop software, we work with software of own production especially regarding data privacy. It is still customary to find precious metal shops that work with “open source” programs that have been on the market for a couple of years. They are an open book to anyone who understands the source code, as it is openly accessible online.
XI. Renouncement of Google Analytics, Facebook-Plug-Ins., Twitter etc.
We deliberately renounce these strong tools for analysis as well as a multitude of marketing tools from the realm of social media. Data privacy protection is more important to us and we see certain additional risks in the use of these tools that we do not wish to take in the interests of our customers.
XII. Further informations
Do you still have questions concerning data privacy? Your trust is important to us, therefore: if you have questions concerning the collection, processing or use of you personalized data, general information, corrections, blocking or deletion of data, please contact us either via e-mail to info at edelmetalle-direkt.com or use different means to contact us.
XIII. Changes to the data privacy statement
This version of the Data Privacy Statement is according to the state of knowledge of May 2018. We reserve the right to apply changes and additions should our online offer, the means of data collection or the processing of personalized data on our side or the legal practice change. Should your compliance as a person in question to those changes be needed in the sense of the GDPR, we shall only do it with your consent. You may inform yourself at any given time about the current version of our Data Privacy Statement. The corresponding link can be found in the footer region of our homepage when clicking on “Data privacy statement”. The site can be accessed from any subpage and may be printed out if required.
November 2022
Edelmetalle direkt GmbH