Privacy policy

As of May 25, 2018, the General Data Protection Regulation (GDPR), a new data protection regulation adopted by the European Union, is in effect. Our primary purpose as Premium Gold GmbH ("Premium Gold") is to ensure the security of your information and unify the rules for its processing. We are fully committed to this cause and take all necessary measures to protect your data.

As a personal data Administrator, Premium Gold GmbH (“Premium Gold”) is dedicated to providing transparency and control over your data. We take all necessary organisational and technical measures to meet all the requirements of the GDPR. Our activities are carried out in strict adherence to the Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protecting natural persons through the processing of personal data and the free movement of such data.

Art. 1. (1) Any personal data that you share when or in connection with your use of this website is processed and stored by:

Administrator Information: 

Name: Premium Gold GmbH (“Premium Gold”)

Commercial Registration Number: HRB 270400

Registered office: Level 8, Linkstraße 2, 10785 Berlin, Germany

Address for correspondence. Level 8, Linkstraße 2, 10785 Berlin, Germany

Phone: +49 15888 493070

Email: info@premiumgold.com

Website: premiumgold.com 

Information on the competent data protection supervisory authority:

Name: Federal Commissioner for Data Protection and Freedom of Information (BfDI) 

Registered office: Graurheindorfer Str. 153 53117 Bonn

Telephone: +49 228 997799 0

E-mail: poststelle@bfdi.bund.de 

Terms used

Art. 2. (1) For the Privacy Policy, the following words shall be interpreted and understood following each definition.

  1. "Personal data" means any information linking to an identified or identifiable living natural person. Individual data, which, when aggregated together, may lead to identifying a specific individual, also constitutes personal data. Examples are first and last name, home address, email address, identity card number, location data, and internet protocol (IP) address. 
  2. "Website" - a distinct global Internet network accessible through its unified address (URL) via HTTP, HTTPS or other standardised protocol and containing system files, database, text content, and graphic elements to promote the trader's activity.
  3. 'Processing' means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. "Administrator" - a natural or legal person, public authority, agency or other body which, alone or jointly with third parties, carries out the collection, processing and storage of personal data.
  5. "Data ProtectionNotices" - notices containing information provided to data subjects when the Company collects information about them. These notices can be either general (e.g. addressed to employees or notices on the organisation's website) or related to processing for a specific purpose.
  6. 'pseudonymisation' - the substitution of information that directly or indirectly identifies an individual by one or more identifiers ('pseudonyms') so that the individual cannot be identified without access to the additional information, which should be kept separate and confidential.
  7. "Consent" - any freely given, specific, informed and unambiguous indication of the data subject's wishes, using a statement or an explicit affirmative action, which expresses consent to the processing of personal data relating to them.
  8. "Anonymised data" means personal data that have been processed so that the data subject can no longer be identified.
  9. "Data subject" - the natural person to whom the personal data relates. In other words, it is the person whose information is collected, held, used or processed by an organisation.

General Provisions

Art. 2 (1) We collect and process your data using the website http://premiumgold.com  based on Art. 6 para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  1. Your explicit consent as a User;
  2. Compliance with a legal obligation to report to government and regulatory authorities that applies to the Administrator;
  3. For the legitimate interests of the Administrator;

Purposes and principles for the collection, processing and storage of your data

Art. 3 We collect and process the personal data you provide to us when using certain functionalities available on the website http://premiumgold.com. This enhances your user experience and provides you with the best possible service. 

  1. Contact in connection with the activities of the Administrator, including at or in connection with the conclusion of a distance purchase contract;
  2. Statistical and analytics purposes;
  3. Marketing objectives and research into the specifics of the user experience to improve website functionality and design;
  4. Legal & Accounting purposes 

Art. 4 (1) The Administrator shall comply with the following principles when collecting, processing and storing your data: 

  • Legality, fairness and transparency;
  • Limitation of the purposes of the processing;
  • Data minimisation in line with objectives;
  • Limitation of the storage period to achieve the objectives;
  • Accuracy and timeliness of data;
  • Integrity and confidentiality of processing and ensuring their security;

(2) The Administrator may process and store personal data to protect its legitimate interests, such as safeguarding legal interests before the competent German court and performing its obligations to the government and municipal authorities.

Types of personal data collected, processed and stored.

Art. 5 (1) The Administrator shall process the following categories of personal data and information about the purposes and grounds set out below:

  1. Contact details (name, phone, email address.)

Purpose for which the data is collected: 

You can use the website's contact form to submit a request to sign a precious metals purchase agreement or to contact the Administrator for more details regarding its business activities.

Reason for processing your data:

When you send the request via the contact form, you accept the General Terms and Conditions and the Privacy Policy, establishing a contractual relationship based on which we process your data—Art. 6 (b) GDPR.

  1. User experience data (frequency of visits, last visit, time spent on site, pages viewed, iterations with the website, etc.)

Purpose for which the data is collected: 

Optimise the content and design of individual pages to personalise the user experience, increase customer satisfaction with the Administrator, and improve the overall goods and services. The information is anonymised and encrypted, so no specific user and their data can be accessed.

Reason for processing your data:

Acceptance of the Privacy Policy or the Cookie Policy when logging into the site constitutes subsequent consent when performing a specific action—Art. 6 (a) GDPR.

Art. 6 (1) The Administrator shall not collect or process personal data relating to the following: 

  1. Racial or ethnic origin;
  2. Political, religious or philosophical beliefs, or membership of trade unions, political or non-governmental organisations;
  3. Genetic and biometric data, health data or data on sex life or sexual orientation.

(2) The Administrator collects personal data from the persons they relate to.

(3) The Company does not collect data on persons under 16 years of age except with the express consent of their parent or legal representative.

Retention period of collected personal data

Art.7 (1) The Administrator shall keep the personal data collected only for the period necessary to achieve the purposes set out in this Policy and where it has the right or obligation under law to keep them longer. Various factors determine the length of retention, such as the duration of service provision, if necessary to establish, exercise or defend our legal claims, or whether we have a legal obligation to retain the data. The appropriate periods are based on various legal requirements (for example - § 257 HGB), such as:

(2) The duration of storage depends also on the following factors

  1. Time to use website features;
  2. Legal Obligations;

(3) The time limits that the Administrator shall observe in processing and storing the data are as follows:

  • no obligation to retain: immediate deletion;
  • Two years for marketing needs 
  • Three-year limitation period according to § 195 BGB plus 1-year security reserve;
  • Five-year retention period for commercial leases plus 1-year security reserve;
  • Six-year retention period for tax documents plus 1-year security reserve.

Users have rights regarding the collection, processing, and storage of personal data, including the right to withdraw consent for such processing.

Art. 8 (1) The user has the right to withdraw his consent to processing by filling in the form located in the section "Applications". The user  may be exercised if he does not wish all or part of their data to continue to be processed by the Company for specific or all processing purposes, 

(2) After withdrawing consent to processing personal data, you can exercise the right to browse the website, view the products offered, and place orders. 

(3) Consent may be withdrawn after a completed order.

(4) The withdrawal of consent shall not affect the lawfulness of processing personal data that the Data Administrator has carried out up to that point.

Right of access

Art. 9 (1) The user shall have the right to request and obtain confirmation from the Administrator as to whether personal data relating to him or her are being processed, what personal data are being processed and other information relating to processing personal data.

(2) The Administrator shall provide, upon request, a copy of the processed personal data relating to the User in electronic or other appropriate form.

(3) Providing data access is free, but the Administrator reserves the right to impose an administrative fee in case of repetition or excessive requests.

Right of correction or completion

Art. 10 The user can correct or complete inaccurate or incomplete personal data related to him by: 

  • Complete the form in the "Attachments" section and send it by e-mail to the Administrator. 

Right to erasure ("being forgotten")

Art. 11 (1) If the User wishes to have some or all of his data deleted, he may request this from the Administrator, who is obliged to delete them without delay.

(2) After exercising this right, the Administrator will delete all your data except for the following information:

  1. information needed to verify that your right to be forgotten has been fulfilled - email, IP address;
  2. technical information about the functioning of the website, which information cannot be linked in any way to your person;

Art. 12 (1) To exercise his right to deletion, the User shall take the following steps:

  • Submit a request by emailing the Administrator the completed form in the "Attachments" section.

(2) Once the identity of the person who made the request and the person to whom the data relates has been verified, the Data Administrator shall delete the data processed by the person concerned. 

(3) If an order has been placed and is being processed, the earliest the right may be exercised is upon completion of the processing of the order. 

Right to restriction

Art. 13 In the following cases, the Website User shall have the right to request the Administrator to restrict the processing of data relating to him. The hypotheses are as follows:

  • Contest the accuracy of the personal data for a period that allows the Administrator to verify the accuracy of the personal data;
  • Unlawful processing, but you do not want the personal data to be erased, but only for its use to be restricted;
  • The Administrator no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;
  • Object to processing and await verification of whether the legitimate grounds of the Administrator take precedence over the interests of Users.

Right to portability

Art. 14 (1) At any time, the User shall have the right to download, request, and receive in machine-readable format the data stored and processed for him in connection with using the website's services. The right shall be exercised by email after filling in the form located in the "Applications" section.

(2) The personal data stored by the Trader may be obtained by: 

  1. requesting the Data Administrator to provide you with your data in a readable format and to transfer it to another Trader/Data Administrator;
  2. If technically feasible, request the Administrator to transfer your data directly to a Merchant/Data Administrator you nominated.

Right to receive information.

Art. 15: You have the right to request from the Administrator the information of all recipients who have had access to the personal data for which rectification, erasure, or restriction of processing has been requested. The Administrator may only accept this if possible or if it requires a disproportionate effort.

Right to object

Art. 16 (1) You may object at any time to the processing of personal data concerning you by the
Administrator, including if it is processed for direct marketing purposes

Your rights in the event of a data breach

Art. 17 (1) In the event of a breach in the security of your data detected by the Administrator, which threatens the rights and freedoms of citizens, the Administrator shall notify the User(s) concerned thereof, as well as the measures taken or to be taken.

(2) The preceding shall not apply if the Administrator has taken appropriate technical and organisational data protection measures;

Persons who have access to your data

Art. 18 (1) In connection with the performance of the contract by the Merchant and the provision of the full functionality of the website, the Merchant may provide your data to the following data processors:

  1. Employees in the accounting  & legal department;
  2. Hosting service provider
  3. Sales & Technical department
  4. Marketing department
  5. Employees of a freight forwarding company that carries out the delivery of goods, where a third party carries out the delivery; 
  6. Government and regulatory authorities.

Purposes of processing personal data: 

  1. To process the order data and carry out delivery to an address;
  2. Processing of accounting records in fulfilment of the Merchant's obligations under applicable German law
  3. Protection of the legitimate and legal interest of the company in connection with its business activities; 
  4. Increase company market share, including for business development, marketing analytics and advertising purposes
  5. The provision of information society services, including website user experience optimisation
  6. Reporting to governmental and regulatory authorities, as well as in the event of complaints in connection with the company's activities; 

(2) Said persons who process personal data shall comply with all legality and security requirements in processing and storage.

Art. 19 (1) Generally, your data shall be stored and processed throughout the European Union and the European Economic Area (EEA). If your data is transferred outside the European Union or the EEA, the transfer will be subject to any of the following safeguards:

  1. Binding corporate rules from the relevant supervisory authority;
  2. Based on standard contractual terms adopted by the European Commission,
  3. An approved code of conduct or certification mechanism in the presence of legally binding and enforceable obligations on the third-party processor.

(2) If we determine that one of these measures is insufficient to provide an adequate level of protection, we will, on a case-by-case basis, adopt additional technical and organisational security measures by the recommendations of the European Commission. You can contact us anytime using the contact details listed above to learn more about the countries where we transfer your data and the safeguards we have in place concerning these transfers.

Final Provisions

Art. 20 In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to complain to the Federal Commissioner for Data Protection and Freedom of Information (BfDI) 

Art. 21 (1) The Merchant may amend this Privacy Policy to notify all Users appropriately.

(2) The parties agree that any amendment and modification of this document will be effective against the User in one of the following events, whichever event is first in time:

  •  Upon express notice by the Merchant and if the User does not state within the 14 days provided that it rejects them

or

  • after their publication on the Merchant's website, and if the User does not declare within 14 days of their publication that he rejects them, 

or

  • by the User's express acceptance of them through their account on the Merchant's website.

Applications

Art. 22 You can exercise all your rights regarding data protection through the forms attached below or the functionalities in your profile. 

  1. Withdrawal of consent form for processing purposes - Annex 1 Download here
  2. Request "to be forgotten" - to delete personal data related to me - Annex No. 2 Download here
  3. Request for portability of personal data - Annex 3 Download here
  4. Request for rectification of data - Annex No. 4 Download here

This privacy policy is adopted and effective as of 28.08.2024