Privacy Policy
Last updated: 2 June 2026
At GOLD SHOP ("we", "us", "our"), the protection of your personal data is of utmost importance. With this Privacy Policy, we wish to inform you transparently about which personal data we collect, the purposes for which it is collected and how we handle it. The applicable legal basis is the General Data Protection Regulation (GDPR) together with the German Federal Data Protection Act (BDSG).
1. Data Controller
The data controller within the meaning of the GDPR is the operator of the website goldshop.com. For any matters relating to this declaration or the processing of your data, you can reach us at contact@goldshop.com. Full provider details can be found in our Legal Notice.
2. Categories of Data We Process
In connection with an order or contact enquiry, we process the following data:
- First and last name as well as email address
- Shipping and billing address
- Telephone number (voluntarily provided, used to inform you about the delivery status)
- Payment information (securely processed by our payment partner — card details are not stored by us)
- History of your orders and purchases
- Technical data relating to your device and browsing behaviour (IP address, browser type, pages visited)
3. Purposes of Processing and Legal Bases
- Order processing — we require your name, address, email and payment details in order to fulfil the purchase contract concluded with you (Art. 6 (1) (b) GDPR).
- Customer communication — for example, order confirmations, shipping notifications and customer service enquiries (Art. 6 (1) (b) GDPR).
- Optimisation of our offering — usage analyses allow us to continuously improve our website (Art. 6 (1) (f) GDPR — legitimate interest).
- Compliance with legal obligations — the archiving of business records takes place in accordance with commercial and tax law requirements (Art. 6 (1) (c) GDPR).
4. Payment Processing
The processing of your payments is handled by our partners (for example, Stripe, PayPal, Klarna or Viva Wallet), all of which are certified to PCI DSS Level 1. Your card details are captured directly within their secure environment — the full card number, CVV security code and expiry date are at no time visible or accessible to GOLD SHOP.
5. Storage Duration
Order-related data is retained for a period of 10 years, in accordance with the requirements of § 147 AO and § 257 HGB under German tax and commercial law. Your marketing preferences are retained until you withdraw consent. Non-essential data is deleted or anonymised once the purpose of processing no longer applies.
6. Recipients of the Data
Disclosure to third parties takes place exclusively to service providers required for order processing:
- Shipping service providers (e.g. DHL, DPD, Hermes, GLS) for delivery
- Payment partners for the secure processing of payments
- Email service providers for transactional communications
- Hosting providers for the technical operation of the website
- Tax advisors and lawyers, where necessary to fulfil legal obligations
We have concluded appropriate agreements pursuant to Art. 28 GDPR with all data processors.
7. Data Transfer to Third Countries
Data is only transferred to countries outside the European Economic Area (EEA) where an adequacy decision is in place or where appropriate safeguards — such as the Standard Contractual Clauses of the EU Commission — apply in accordance with Art. 45 et seq. GDPR.
8. Cookies and Tracking
We use cookies and similar technologies on our website. Detailed information on this can be found in our Cookie Policy. Through the cookie banner as well as your browser settings, you can refuse or configure non-essential cookies at any time.
9. Your Rights as a Data Subject
With regard to your personal data, you have the following rights:
- Right of access (Art. 15 GDPR) — you may request information about which of your data we process
- Right to rectification (Art. 16 GDPR) — incorrect data can be corrected
- Right to erasure (Art. 17 GDPR) — provided no statutory retention obligation prevents it
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR) — against processing that is based on a legitimate interest
- Right to withdraw consent given (Art. 7 (3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, a brief message to contact@goldshop.com is sufficient.
10. Security of Your Data
In order to protect your data against unauthorised access, loss or improper use, we have implemented technical and organisational measures (TOMs). These include, among others, encryption via SSL/TLS, secure server environments, restricted access permissions and regular security audits.
11. Automated Decision-Making
We do not use automated decision-making procedures or profiling within the meaning of Art. 22 GDPR.
12. Right to Lodge a Complaint
Should you believe that the processing of your data infringes the provisions of the GDPR, you have the right to lodge a complaint with a data protection supervisory authority — in particular in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred.
13. Updates to this Policy
We reserve the right to update this Privacy Policy from time to time in order to adapt it to legal developments or changes in our internal processes. The version currently in force is always available for review on this page.