Our social media presence

This privacy policy applies to the following social media presences

• https://www.facebook.com/goldheinrich
• https://www.instagram.com/goldheinrich
• https://www.youtube.com/@gold.heinrich
• https://www.tiktok.com/@goldheinrich

Data processing by social networks

We maintain publicly accessible profiles on social networks. You can find the specific social networks we use below.

Social networks like Facebook, X, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

When you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection occurs, for example, via cookies stored on your end device or by capturing your IP address.

With the help of the data collected in this way, social media portal operators can create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and off the respective social media platform. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or have been logged in.

Please also note that we cannot fully understand all processing procedures on social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Please refer to the terms of use and data protection regulations of the respective social media portals for details.

Legal basis

Our social media presences are intended to ensure the broadest possible online presence. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by social networks may be based on different legal grounds, which must be stated by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) GDPR).

Responsible Party and Assertion of Rights

When you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability, and complaint) both towards us and towards the operator of the respective social media portal (e.g., towards Facebook).

Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing activities of the social media platforms. Our capabilities are largely determined by the respective provider's company policy.

Storage duration

The data we collect directly from your social media presence will be deleted from our systems as soon as you request deletion, withdraw your consent for storage, or the purpose for data storage no longer applies. Stored cookies will remain on your terminal device until you delete them. Mandatory legal provisions – particularly retention periods – remain unaffected.

We have no influence on the storage duration of your data which is stored by social network operators for their own purposes. For details, please inquire directly with the social network operators (e.g., in their privacy policy, see below).

Your Rights

You have the right to receive information at any time, free of charge, about the origin, recipients, and purpose of your stored personal data. You also have the right to object, data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can request the correction, blocking, deletion, and, under certain circumstances, the restriction of the processing of your personal data.

Social Networks Individually

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.

We have entered into a joint controller agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we and Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfers to the US are based on the EU Commission's Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find details in the Facebook Data Policy: https://www.facebook.com/about/privacy/.

The company is certified under the „EU-U.S. Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these data protection standards. Further information on this topic can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfers to the US are based on the EU Commission's Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal data, please refer to Instagram's Privacy Policy: https://privacycenter.instagram.com/policy/.

The company is certified under the „EU-U.S. Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these data protection standards. Further information on this topic can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the „EU-U.S. Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the United States that is intended to ensure compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these data protection standards. Further information on this topic can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

TikTok

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. For details on how they handle your personal data, please refer to TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.

Data transfers to non-secure third countries are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de.