Data Protection

Data protection declaration for customers, suppliers and users of our Website

Goldhofer AG is delighted to note your interest in our company and our products. The following information is designed to give you – as a customer or prospect for our products and services or as a supplier or visitor to our website – an overview of the ways in which your personal data are processed by our company and about your rights deriving from data protection legislation.

We take the protection of your personal data very seriously, and we process them only in compliance with the provisions of the EU’s General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (FDPA).

In the following we describe which data are processed in the context of our business relationship and during your visit to our website.

1. Responsible companies

This data protection declaration applies to both Goldhofer AG and Goldhofer Airport Technology GmbH (hereinafter referred to as the “Group”). With regard to personal data processed in the course of use of the website, Goldhofer AG has sole responsibility in terms of data protection law. With regard to processing in the context of business dealings, the responsibility lies with the company with which a direct contractual relationship exists.

The contact details of the responsible companies are as follows:

Goldhofer AG
Donaustr. 95
87700 Memmingen/Germany
Phone: +49 8331 15-0
Fax: +49 8331 15-239


Goldhofer Airport Technology GmbH
Donaustr. 95
87700 Memmingen/Germany
Phone: +49 8331 15-0
Fax: +49 8331 15-239

2. Data protection officer

Riscreen GmbH
Hauptplatz 37
85276 Pfaffenhofen

3. Personal data

Personal data means any details of the personal or material circumstances of an identified or identifiable natural person. This includes information such as IP addresses, given name and surname, address, telephone number or date of birth. Information that cannot be directly linked to your actual identity, such as statistical information regarding the number of users of a website, does not constitute personal data.

4. Categories of processed data for customers and suppliers

The following categories of data are regularly processed in the context of our business relationships with you:

  • Personal master data (name, date of birth, place of birth, nationality)
  • Contract master data (contractual relationship, product or contract interest)
  • Authentication data (ID data)
  • Communications data (telephone, e-mail, address, IP address)
  • Customer history
  • Invoice and payment data
  • Planning and control data
  • Advertising and sales data
  • Information from third parties, e.g. credit agencies or public directories

5. Categories of processed data for users of our website

When you access our website your Internet browser automatically transfers data to our web server for technical reasons. Once the connection has been established between your Internet browser and our web server, the following data are recorded:

  • Date and time of the request
  • Name of the requested file
  • URL of the website from which the file is requested
  • Access status
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Volume of data transferred

6. Legal basis and purpose of data processing

Goldhofer AG and Goldhofer Airport Technology GmbH and our third-party service providers process your personal data on the basis of the following legal provisions and for the following purposes:

6.1 Contractual basis (preparation, execution, termination), Art. 6(1)(b) GDPR

  • Answering questions and taking steps prior to entering into a contract
  • Preparation, negotiation and performance of a contract
  • Granting access to certain data and offers

6.2 Legal obligation, Art. 6(1)(c) GDPR

  • Responding to an official or court order
  • Meeting certain statutory duties in particular relating to taxation law

6.3 Legitimate interests, Art. 6(1)(f) GDPR

  • Direct marketing and optimization of the website (eTracker)
  • Administrative purposes within the Group
  • Improvement of products and services
  • Communication with customers and prospects by e-mail or telephone
  • Preservation of evidence for the establishment, exercise or defense of legal claims
  • Prevention of misuse or other illegal activities within the company
  • Guaranteeing IT security
  • Video surveillance to safeguard domiciliary rights and collect evidence in cases of burglary (cf. Art. 4 FDPA)
  • Measures for building and plant security (e.g. access controls)
  • Data exchange with credit agencies (e.g. SCHUFA) to assess credit and default risks

6.4 Consent, Art. 6(1)(a) GDPR

  • Sending advertising such as price information in the absence of a business relationship
  • Contact made via the website
  • Photographs taken at events

7. Withdrawal of consent

You have the right to revoke the consent you have granted us for the processing of your personal data at any time with future effect. The legality of the processing of your data performed prior to revocation remains unaffected.

8. Disclosure of data

Within the Group, those units have access to your data which require them for the fulfillment of contractual and legal obligations or for internal administrative purposes.

Your personal data will not be passed on to third parties outside the Group unless this is necessary for the execution of the contract or you have given your express consent or we can assert a legitimate interest or we are obliged to do so by a court or competent authority.

Service providers used by us in the context of order processing agreements and subcontractors may also receive data for these purposes. They include companies in the fields of IT services, logistics, printing services, telecommunications, debt collection, management consultancy and sales and marketing. Insofar as we engage external service providers for order processing purposes, they are carefully selected and have an obligation pursuant to Art. 28 GDPR to observe all provisions of data protection law.

Potential recipients of personal data also include the following:

  • Public authorities and institutions (e.g. tax, judicial and law enforcement authorities) in the context of a statutory or official obligation
  • Auditors, tax consultants or lawyers

9. Transfer of personal data to non-EU countries

Personal data may be transferred to parties located outside of the European Union (non-member countries) where

  • it is necessary to fulfill your order (e.g. supply contracts),
  • we have a statutory obligation to do so (e.g. tax reporting rules, combating criminal offenses),
  • it is required to secure the company’s IT operations,
  • we have a legitimate interest in such data transfer, or
  • you have given your consent.

In the event of the transfer of data to a party in a non-member country, appropriate guarantees pursuant to Art. 44 ff. GDPR will ensure compliance with the level of data protection that applies in the European Union.

10. Price information

For purposes of customer-specific pricing, we store personal data such as given name, surname, contact details and name of company. We use this data exclusively to transmit the requested information and to keep a record of your consent. You can revoke your consent to the storage of the data, the e-mail address and their use for sending price information at any time with future effect. Please follow the instructions in the e-mail or write to us using the contact details provided.

11. External links

Our online offers include links to websites of third parties with which we have no contractual relationship. Once the link has been selected, we have no influence on the processing of any personal data such as the IP address or the URL on which the link is located. We can accept no responsibility for the processing of such personal data by third parties.

12. Cookies

12.1 General

Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your end device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that is generated in connection with the specific end device used.

There are consent-free cookies and cookies requiring consent. Consent-free cookies are those which are necessary in order to make use of our online offer or which serve IT security (strictly necessary cookies). The legal basis for such data processing is Art. 6 (1) (f) GDPR. On the other hand, cookies requiring consent serve to make the use of our offer more pleasant for you (preference cookies). For example, we use cookies to recognize that you have already visited individual pages on our website or that you have already logged into your customer account. In addition, also in the interest of user-friendliness, we use temporary cookies that are stored on your end device for a specified period of time. If you visit our website again in order to make use of our services, the system automatically recognizes that you have visited us before and remembers the information you have provided and settings you have entered so that you do not have to do so again. We also use cookies for statistical analysis of the use of our website and evaluation in order to optimize our offer for you and to display information specially tailored to you (marketing and statistics cookies). The legal basis for data processing with cookies requiring consent is Art. 6 (1) (a) GDPR. This data includes page views, length of visit, IP address, country, etc. We analyze this statistical data in order to improve our offer and to assess the acceptance of individual web pages.

12.2 The following cookies are used on our website:

12.3 Use of technologies of etracker GmbH

This website uses the technology of etracker GmbH ( to collect and store data for marketing and optimization purposes. These files can be used to create pseudonymous user profiles. Cookies are used to permit statistical analysis of the use of this website during your visits and the display of use-related advertising content. Etracker cookies contain no information which permit identification of the user.

The data collected using etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data relating to the bearer of the pseudonym without the express consent of the person concerned.

Data processing is carried out on the basis of the legal provisions of Art. 6 (1) (f) GDPR. Our legitimate interest within the terms of the GDPR is the optimization of our online offer and our website. As we consider the privacy of our visitors very important, data which might permit a connection to be established with any specific person such as IP address, login or device ID are anonymized or pseudonymized as soon as possible. No other use of the data is made, and they are not merged with any other etracker data or passed on to third parties. By clicking on this link, you can object to the collection and processing of data using the tracking technology of etracker GmbH at any time with effect for the future.

13. Social media

We maintain fan pages and company-related sites on diverse social networks and platforms in order to communicate with customers and potential customers and to inform them about our products and activities. For this purpose, we place links on our website to our fan pages and sites so that they can be found more quickly. When accessing the various networks and platforms, the terms of business and privacy policies of the respective operators apply.

13.1 Youtube

This website uses the video platform YouTube, operated by YouTube, LLC, (hereinafter referred to as “YouTube”). YouTube is a platform on which video files can be uploaded for others to play.

When you call up a corresponding page of our offer, the embedded YouTube player establishes a connection to the YouTube servers so that video and audio files can be downloaded and used. At the same time, data is also transferred to YouTube as the responsible party. We can accept no responsibility for such data processing by YouTube.

13.2 Vimeo

This website embeds videos from Vimeo operated by Vimeo LLC (hereinafter referred to as “Vimeo”).

Further information about data processing by Vimeo and your related rights can be found in Vimeo's privacy policy at

13.3 Facebook

This online offer includes links to the services of Facebook Ireland Ltd. (hereinafter referred to “Facebook”).

When you visit our Facebook page, Facebook records your IP address and possibly further information that is available on your PC in the form of cookies. This information is used to provide us as the owners of the Facebook fan page with statistical information on the use of the Facebook page.

The data collected on you in this context is processed by Facebook and may be transferred to countries outside of the European Union. Your attention is drawn to the fact that Facebook is responsible under data protection law for the transfer and subsequent processing of such data. Facebook provides data protection information describing in general terms which specific data Facebook receives and how it is used. Further information on the subject is provided in Facebook’s privacy policy at

13.4 Instagram

Our pages contain links to Instagram. This service is provided and operated by Instagram Inc., which is domiciled in the US.

Information on the subject of data protection is provided in Instagram’s privacy policy at

13.5 XING

This website provides a link to our profile on the social platform XING, which is a network for professionals to connect.

13.6 Twitter

Our website includes links to Twitter, a service provided by Twitter Inc. (hereinafter referred to as “Twitter”). With the use of Twitter and the re-tweet feature, the web pages you visit are linked to your Twitter account and disclosed to other users. At the same time, data is transferred to Twitter. Please note that we as the provider of the web pages have no knowledge of the content of the transferred data and its use by Twitter. Further information on the subject is provided in Twitter’s privacy policy at You can change your Twitter privacy settings in your account settings at

13.7 LinkedIn

Our website also includes links to the LinkedIn social network provided by the LinkedIn Corporation (hereinafter referred to as “LinkedIn”). If you click on the link, you will first be redirected to your (logged in) user account via a separate browser window. LinkedIn receives information about your visit to our website by processing your IP address. LinkedIn is also able to establish a correlation between your visit to our website and your user account. Please note that we have no knowledge of the content of the transferred data and its use by LinkedIn. Further information on the subject is provided in LinkedIn’s privacy policy at

14. Data security

Our employees and the service providers we hire have a duty to observe confidentiality and to comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational safety measures to protect your personal data from loss, manipulation, destruction, and unauthorized access and disclosure. Our safety measures are continually updated in accordance with the latest technological developments.

15. Webshop and Spare Parts Catalog

We operate our Goldhofer e-shop under The website is a B2B online shop, from which you as a (potential) customer, or you as an employee of our (potential) customer, can order and purchase our products.
We operate our Goldhofer spare parts catalog under As a customer, or as an employee of our customer, you can order and purchase spare parts for Goldhofer products here.
While using the online store and the spare parts catalog, the data you enter (see below) and the products you select are processed for the purpose of submitting and processing offers, concluding contracts, fulfilling contracts, and complying with any subsequent contractual obligations. In connection with this, we process the following personal data:

  • Name, position, email address, login and access data, password, IP address, access logs, where applicable

Only registered users can place orders. You can register either directly by entering your details in the form under the links above or - in the case of the online store - alternatively by sending us an e-mail to and requesting to register for an account. We will then send your personal access data to you via email. You have the option at any time to change or delete the user and registration data, for example if you as an employee of our customer leave the company or change your position. The storage period for contract and order data is based on the retention periods under German Commercial Law in § 257 (4) (10 years for accounting records, 6 years for offers, order confirmations, orders). The legal basis for the processing of your personal data is § 6 (1f). Otherwise, please refer to the additional information in this data protection declaration, in particular with regard to our contact data and your rights. If you have any other questions, please contact us at any time by writing to

16. Duration of data storage

We store your data for the duration of the contractual relationship with you or your employer or for as long as necessary to provide our online offer. In addition, we store your personal data for as long as we have a legitimate interest in further storage. The data will be deleted after expiration of the statutory or contractual retention period, e.g. under tax and commercial law. Data not subject to the duty to preserve records will be deleted when the specified purpose no longer applies.

17. Rights as a customer, supplier and user of our website

As a customer or user of our website you have various rights. Please make use of the information provided in the Contact section to assert your rights. When doing so, please ensure that we are able to clearly identify you.

In accordance with the EU’s General Data Protection Regulation, you will receive information upon request free of charge and at any time regarding the storage of your personal data (Art. 15 GDPR). Please note that under certain circumstances your right to information may be restricted in accordance with legal provisions, in particular Art. 34 FDPA-new.

You furthermore have the right to correction (Art. 16 GDPR ) or deletion (Art. 17 GDPR) of said data provided that the statutory requirements are met. Exceptions to the right to deletion include data relating to business activities which are subject to a statutory duty of retention.

You also have the right pursuant to Art. 18 GDPR to restrict the processing of your personal data.

18. Right of objection

Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which we perform to protect our legitimate interests. We will then discontinue the processing of your data unless we can prove, in accordance with the statutory provisions, that we have mandatory grounds for further processing which are worthy of protection and prevail over your rights.

19. Right of objection to direct marketing

You can object to the processing of your personal data for advertising purposes at any time. Please note that for organizational reasons there might be an overlap between your revocation and the use of your data in an ongoing campaign.

20. Right to data portability

Upon request, we guarantee the portability of the personal data provided by you through transfer in a standard machine-readable data format.

21. Duty to provide personal data

If a contractual relationship exists between you and Goldhofer AG or Goldhofer Airport Technology GmbH, you must provide the personal data which is required for the initiation, performance and termination of the contract and compliance with the associated contractual duties or which we have a statutory obligation to collect. Without the provision of said data, we will not normally be able to conclude a contract with you.

To the extent that there is no necessity for your data to be processed within the scope of use of this website for the initiation, performance and termination of a contract and it is not a statutory requirement, the provision of your data is voluntary. Please note, however, that certain website functions and other services will not be available in the case of failure to provide the necessary data.

22. Automatic processing of personal data

Your personal data will only be processed automatically if this is necessary for the conclusion or performance of a contract and the process has no legal or similar effect for you.

23. Complaint to supervisory bodies

If you are dissatisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority. For that purpose you can contact the relevant data protection agency.

The competent data protection agency in the case of Goldhofer AG:

Bayerische Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach
Telephone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300

The competent supervisory authority in the case of Goldhofer Airport Technology GmbH:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10a
70173 Stuttgart
Telephone: +49 (0)711/615541-0
Telefax: +49 (0)711/615541-15

24. Copyright

All texts, images, graphics and sound, video and animation files and their arrangements are protected by copyright and are subject to further laws relating to intellectual property rights. They may not be copied for commercial purposes or for distribution, nor may they be modified and used on other websites. Some of the Company’s webpages also contain material that is subject to the copyright of those who have provided it.