Data Protection

Data protection declaration for customers, suppliers and users of our Website

Goldhofer AG is delighted to note your interest in our company and our products. The following information is designed to give you – as a customer or prospect for our products and services or as a supplier or visitor to our website – an overview of the ways in which your personal data are processed by our company and about your rights deriving from data protection legislation.

We take the protection of your personal data very seriously, and we process them only in compliance with the provisions of the EU’s General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (FDPA).

In the following we describe which data are processed in the context of our business relationship and during your visit to our website.

1. Responsible companies

This data protection declaration applies to both Goldhofer AG and Goldhofer Airport Technology GmbH (hereinafter referred to as the “Group”). With regard to personal data processed in the course of use of the website, Goldhofer AG has sole responsibility in terms of data protection law. With regard to processing in the context of business dealings, the responsibility lies with the company with which a direct contractual relationship exists.

The contact details of the responsible companies are as follows:

Goldhofer AG
Donaustr. 95
87700 Memmingen/Germany
Phone: +49 8331 15-0
Fax: +49 8331 15-239


Goldhofer Airport Technology GmbH
Parkstr. 19-21
73760 Ostfildern/Germany
Phone +49 711 34000-0
Fax +49 711 34110-87

2. Data protection officer

Dieter Fasel
Wälder 27 a
87789 Woringen/Germany

3. Personal data

Personal data means any details of the personal or material circumstances of an identified or identifiable natural person. This includes information such as IP addresses, given name and surname, address, telephone number or date of birth. Information that cannot be directly linked to your actual identity, such as statistical information regarding the number of users of a website, does not constitute personal data.

4. Categories of processed data for customers and suppliers

The following categories of data are regularly processed in the context of our business relationships with you:

  • Personal master data (name, date of birth, place of birth, nationality)
  • Contract master data (contractual relationship, product or contract interest)
  • Authentication data (ID data)
  • Communications data (telephone, e-mail, address, IP address)
  • Customer history
  • Invoice and payment data
  • Planning and control data
  • Advertising and sales data
  • Information from third parties, e.g. credit agencies or public directories

5. Categories of processed data for users of our website

When you access our website your Internet browser automatically transfers data to our web server for technical reasons. Once the connection has been established between your Internet browser and our web server, the following data are recorded:

  • Date and time of the request
  • Name of the requested file
  • URL of the website from which the file is requested
  • Access status
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Volume of data transferred

6. Legal basis and purpose of data processing

Goldhofer AG and Goldhofer Airport Technology GmbH and our third-party service providers process your personal data on the basis of the following legal provisions and for the following purposes:

6.1 Contractual basis (preparation, execution, termination), Art. 6(1)(b) GDPR

  • Answering questions and taking steps prior to entering into a contract
  • Preparation, negotiation and performance of a contract
  • Granting access to certain data and offers

6.2 Legal obligation, Art. 6(1)(c) GDPR

  • Responding to an official or court order
  • Meeting certain statutory duties in particular relating to taxation law

6.3 Legitimate interests, Art. 6(1)(f) GDPR

  • Direct marketing and optimization of the website (eTracker)
  • Administrative purposes within the Group
  • Improvement of products and services
  • Communication with customers and prospects by e-mail or telephone
  • Preservation of evidence for the establishment, exercise or defense of legal claims
  • Prevention of misuse or other illegal activities within the company
  • Guaranteeing IT security
  • Video surveillance to safeguard domiciliary rights and collect evidence in cases of burglary (cf. Art. 4 FDPA)
  • Measures for building and plant security (e.g. access controls)
  • Data exchange with credit agencies (e.g. SCHUFA) to assess credit and default risks

6.4 Consent, Art. 6(1)(a) GDPR

  • Sending advertising such as price information in the absence of a business relationship
  • Contact made via the website
  • Photographs taken at events

7. Withdrawal of consent

You have the right to revoke the consent you have granted us for the processing of your personal data at any time with future effect. The legality of the processing of your data performed prior to revocation remains unaffected.

8. Disclosure of data

Within the Group, those units have access to your data which require them for the fulfillment of contractual and legal obligations or for internal administrative purposes.

Your personal data will not be passed on to third parties outside the Group unless this is necessary for the execution of the contract or you have given your express consent or we can assert a legitimate interest or we are obliged to do so by a court or competent authority.

Service providers used by us in the context of order processing agreements and subcontractors may also receive data for these purposes. They include companies in the fields of IT services, logistics, printing services, telecommunications, debt collection, management consultancy and sales and marketing. Insofar as we engage external service providers for order processing purposes, they are carefully selected and have an obligation pursuant to Art. 28 GDPR to observe all provisions of data protection law.

Potential recipients of personal data also include the following:

  • Public authorities and institutions (e.g. tax, judicial and law enforcement authorities) in the context of a statutory or official obligation
  • Auditors, tax consultants or lawyers

9. Transfer of personal data to non-EU countries

Personal data may be transferred to parties located outside of the European Union (non-member countries) where

  • it is necessary to fulfill your order (e.g. supply contracts),
  • we have a statutory obligation to do so (e.g. tax reporting rules, combating criminal offenses),
  • it is required to secure the company’s IT operations,
  • we have a legitimate interest in such data transfer, or
  • you have given your consent.

In the event of the transfer of data to a party in a non-member country, appropriate guarantees pursuant to Art. 44 ff. GDPR will ensure compliance with the level of data protection that applies in the European Union.

10. Price information

For purposes of customer-specific pricing, we store personal data such as given name, surname, contact details and name of company. We use this data exclusively to transmit the requested information and to keep a record of your consent. You can revoke your consent to the storage of the data, the e-mail address and their use for sending price information at any time with future effect. Please follow the instructions in the e-mail or write to us using the contact details provided.

11. External links

Our online offers include links to websites of third parties with which we have no contractual relationship. Once the link has been selected, we have no influence on the processing of any personal data such as the IP address or the URL on which the link is located. We can accept no responsibility for the processing of such personal data by third parties.

12. Cookies

12.1 General

Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your end device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that is generated in connection with the specific end device used.

There are consent-free cookies and cookies requiring consent. Consent-free cookies are those which are necessary in order to make use of our online offer or which serve IT security (strictly necessary cookies). The legal basis for such data processing is Art. 6 (1) (f) GDPR. On the other hand, cookies requiring consent serve to make the use of our offer more pleasant for you (preference cookies). For example, we use cookies to recognize that you have already visited individual pages on our website or that you have already logged into your customer account. In addition, also in the interest of user-friendliness, we use temporary cookies that are stored on your end device for a specified period of time. If you visit our website again in order to make use of our services, the system automatically recognizes that you have visited us before and remembers the information you have provided and settings you have entered so that you do not have to do so again. We also use cookies for statistical analysis of the use of our website and evaluation in order to optimize our offer for you and to display information specially tailored to you (marketing and statistics cookies). The legal basis for data processing with cookies requiring consent is Art. 6 (1) (a) GDPR. This data includes page views, length of visit, IP address, country, etc. We analyze this statistical data in order to improve our offer and to assess the acceptance of individual web pages.

12.2 The following cookies are used on our website:

12.2.1 Strictly necessary cookies

These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into the customer section.

PHPSESSIDwww.goldhofer.comSession cookie for internal use on the server to identify the session.Duration of the session
cookieNoticeAcceptwww.goldhofer.comStores the user’s consent status for cookies on the current domain.1 year

12.2.2 Analytical/performance cookies

These cookies make it possible to collect anonymized data on our visitors’ usage of the website. We analyze such data in order, for example, to improve the functionality of the website and to present you with interesting offers.

See below for a list of all cookies used.

Name (etracker Third-Party Cookie)PurposeStorage periodExample of content
cntcookieExclusion from data collection (list of account IDs)4 years1234%7C4567
_et_coidCookie detection2 years or as configured108bf9a85547edb1108bf9a85547edb1
GS3_vSet by the web service optimizer. Contains the same visitor ID as BT_pdc1 year4682607
Name (etracker First-Party Cookie)PurposeStorage periodExample of content
_et_coidCookie detection2 years or as configured108bf9a85547edb1108bf9a85547edb1
et_oi_v2Opt-in cookie stores the visitor’s decision if the tracking opt-in is shown for the visitor. Also used for a possible opt-out."no" - 50 years

"yes" - 480 days
et_oipOpt-in cookie for "signalize". If the client chooses "no", the cookie is set with the value "no" and a period of 50 x 365 days. If the customer chooses "x" or presses the ESC key (no decision), the cookie is set with the value "no" valid for 1 day. A value of "yes" is not required, since this is implicit in consent to the actual browser push."no" - 50 x 365 days

"no" (Session) 1 Tag
et_allow_cookiesWhen the "data-block-cookies" parameter is used, this cookie is set by the API Call_etracker.enableCookies() to indicate that etracker is allowed to set cookies.16 months1
isSdEnabledDetermines whether the visitor’s scrolling depth is measured.24 hourstrue
BT_ctstOnly used to detect whether cookies are activated in the visitor’s browser or not.Duration of the session101
BT_sdcContains Base64-encoded data for the current session (referrer, number of pages, number of seconds since start of session), which is used for personalization purposes.Duration of the sessioneyJldF9jb2lkIjoiTkEiLCJy...DMzNTYzNzM

BT_pdcContains Base64-encoded visitor history data (is customer Newsletter subscriber, etc.) for personalization.1 yeareyJldGNjX2N1c3QiOjAsImVj...GNjX25l

BT_eclContains a list of project IDs for which the visitor is excluded. This cookie is set by the web service when the client has configured that not all visitors are allocated to a test but only a certain fraction.30 daysBT-6037799f213de9e9961facc224b69
Name (etracker Local Storage Cookie)PurposeExample of content
et_scroll_depthScrolling depth measurement data{"foo":{"buckets":{"0":{"stayTime":954594,"to":9,"from":0},"10":{"stayTime":954594,"from":10,"to":24},"25":{"stayTime":0,"from":25,"to":49},"50":{"stayTime":0,"from":50,"to":74},"75":{"stayTime":0,"from":75,"to":100},"101":{"stayTime":0,"from":101,"to":1000000}},"tm":1561467961409,"lastBuckets":["0","10"]}}
targetingAPISessionData collected in the current session for the optimizer.{"sessionCount":6,"updateTime":"1548146586","createTime":"1548146586","dataUpdateTime":0,"data":null,"dataHash":null,"dataHashFirst":null,"savedAttributes":{"etcc_newsletter":null,"etcc_cust":null},"ecommerceOrder":false}
_et_coidCookie detection, see corresponding first-party cookie.108bf9a85547edb1108bf9a85547edb11623682846000
et_oi_v2Opt-in cookie, see corresponding first-party cookie.no3138274773810
et_oipOpt-in cookie for signalize, see corresponding first-party cookie.no3123100800000

12.3 Use of technologies of etracker GmbH

This website uses the technology of etracker GmbH ( to collect and store data for marketing and optimization purposes. These files can be used to create pseudonymous user profiles. Cookies are used to permit statistical analysis of the use of this website during your visits and the display of use-related advertising content. Etracker cookies contain no information which permit identification of the user.

The data collected using etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data relating to the bearer of the pseudonym without the express consent of the person concerned.

Data processing is carried out on the basis of the legal provisions of Art. 6 (1) (f) GDPR. Our legitimate interest within the terms of the GDPR is the optimization of our online offer and our website. As we consider the privacy of our visitors very important, data which might permit a connection to be established with any specific person such as IP address, login or device ID are anonymized or pseudonymized as soon as possible. No other use of the data is made, and they are not merged with any other etracker data or passed on to third parties. By clicking on this link, you can object to the collection and processing of data using the tracking technology of etracker GmbH at any time with effect for the future.

13. Social media

We maintain fan pages and company-related sites on diverse social networks and platforms in order to communicate with customers and potential customers and to inform them about our products and activities. For this purpose, we place links on our website to our fan pages and sites so that they can be found more quickly. When accessing the various networks and platforms, the terms of business and privacy policies of the respective operators apply.

13.1 Youtube

This website uses the video platform YouTube, operated by YouTube, LLC, (hereinafter referred to as “YouTube”). YouTube is a platform on which video files can be uploaded for others to play.

When you call up a corresponding page of our offer, the embedded YouTube player establishes a connection to the YouTube servers so that video and audio files can be downloaded and used. At the same time, data is also transferred to YouTube as the responsible party. We can accept no responsibility for such data processing by YouTube.

13.2 Vimeo

This website embeds videos from Vimeo operated by Vimeo LLC (hereinafter referred to as “Vimeo”).

Further information about data processing by Vimeo and your related rights can be found in Vimeo's privacy policy at

13.3 Facebook

This online offer includes links to the services of Facebook Ireland Ltd. (hereinafter referred to “Facebook”).

When you visit our Facebook page, Facebook records your IP address and possibly further information that is available on your PC in the form of cookies. This information is used to provide us as the owners of the Facebook fan page with statistical information on the use of the Facebook page.

The data collected on you in this context is processed by Facebook and may be transferred to countries outside of the European Union. Your attention is drawn to the fact that Facebook is responsible under data protection law for the transfer and subsequent processing of such data. Facebook provides data protection information describing in general terms which specific data Facebook receives and how it is used. Further information on the subject is provided in Facebook’s privacy policy at

13.4 Instagram

Our pages contain links to Instagram. This service is provided and operated by Instagram Inc., which is domiciled in the US.

Information on the subject of data protection is provided in Instagram’s privacy policy at

13.5 XING

This website provides a link to our profile on the social platform XING, which is a network for professionals to connect.

13.6 Twitter

Our website includes links to Twitter, a service provided by Twitter Inc. (hereinafter referred to as “Twitter”). With the use of Twitter and the re-tweet feature, the web pages you visit are linked to your Twitter account and disclosed to other users. At the same time, data is transferred to Twitter. Please note that we as the provider of the web pages have no knowledge of the content of the transferred data and its use by Twitter. Further information on the subject is provided in Twitter’s privacy policy at You can change your Twitter privacy settings in your account settings at

13.7 LinkedIn

Our website also includes links to the LinkedIn social network provided by the LinkedIn Corporation (hereinafter referred to as “LinkedIn”). If you click on the link, you will first be redirected to your (logged in) user account via a separate browser window. LinkedIn receives information about your visit to our website by processing your IP address. LinkedIn is also able to establish a correlation between your visit to our website and your user account. Please note that we have no knowledge of the content of the transferred data and its use by LinkedIn. Further information on the subject is provided in LinkedIn’s privacy policy at

14. Data security

Our employees and the service providers we hire have a duty to observe confidentiality and to comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational safety measures to protect your personal data from loss, manipulation, destruction, and unauthorized access and disclosure. Our safety measures are continually updated in accordance with the latest technological developments.

15. Duration of data storage

We store your data for the duration of the contractual relationship with you or your employer or for as long as necessary to provide our online offer. In addition, we store your personal data for as long as we have a legitimate interest in further storage. The data will be deleted after expiration of the statutory or contractual retention period, e.g. under tax and commercial law. Data not subject to the duty to preserve records will be deleted when the specified purpose no longer applies.

16. Rights as a customer, supplier and user of our website

As a customer or user of our website you have various rights. Please make use of the information provided in the Contact section to assert your rights. When doing so, please ensure that we are able to clearly identify you.

In accordance with the EU’s General Data Protection Regulation, you will receive information upon request free of charge and at any time regarding the storage of your personal data (Art. 15 GDPR). Please note that under certain circumstances your right to information may be restricted in accordance with legal provisions, in particular Art. 34 FDPA-new.

You furthermore have the right to correction (Art. 16 GDPR ) or deletion (Art. 17 GDPR) of said data provided that the statutory requirements are met. Exceptions to the right to deletion include data relating to business activities which are subject to a statutory duty of retention.

You also have the right pursuant to Art. 18 GDPR to restrict the processing of your personal data.

17. Right of objection

Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which we perform to protect our legitimate interests. We will then discontinue the processing of your data unless we can prove, in accordance with the statutory provisions, that we have mandatory grounds for further processing which are worthy of protection and prevail over your rights.

18. Right of objection to direct marketing

You can object to the processing of your personal data for advertising purposes at any time. Please note that for organizational reasons there might be an overlap between your revocation and the use of your data in an ongoing campaign.

19. Right to data portability

Upon request, we guarantee the portability of the personal data provided by you through transfer in a standard machine-readable data format.

20. Duty to provide personal data

If a contractual relationship exists between you and Goldhofer AG or Goldhofer Airport Technology GmbH, you must provide the personal data which is required for the initiation, performance and termination of the contract and compliance with the associated contractual duties or which we have a statutory obligation to collect. Without the provision of said data, we will not normally be able to conclude a contract with you.

To the extent that there is no necessity for your data to be processed within the scope of use of this website for the initiation, performance and termination of a contract and it is not a statutory requirement, the provision of your data is voluntary. Please note, however, that certain website functions and other services will not be available in the case of failure to provide the necessary data.

21. Automatic processing of personal data

Your personal data will only be processed automatically if this is necessary for the conclusion or performance of a contract and the process has no legal or similar effect for you.

22. Complaint to supervisory bodies

If you are dissatisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority. For that purpose you can contact the relevant data protection agency.

The competent data protection agency in the case of Goldhofer AG:

Bayerische Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Telephone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300

The competent supervisory authority in the case of Goldhofer Airport Technology GmbH:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10a
70173 Stuttgart
Telephone: +49 (0)711/615541-0
Telefax: +49 (0)711/615541-15

23. Copyright

All texts, images, graphics and sound, video and animation files and their arrangements are protected by copyright and are subject to further laws relating to intellectual property rights. They may not be copied for commercial purposes or for distribution, nor may they be modified and used on other websites. Some of the Company’s webpages also contain material that is subject to the copyright of those who have provided it.