Golden Star Directory

Privacy Policy

We think, that trust is a fundamental part of building a successful and long-term business relationship.

Speaking about data protection, we would like to earn your trust through a high degree of transparency and responsible action. That is why we disclose in this document what happens to your data transmitted to us.

The processing of all personal data (including, for example, your name, postal address, e-mail address, etc.) is subject to the General Data Protection Regulation (GDPR) and country-specific data protection laws applicable to us.

In the following you will receive further information about how we process your personal data and how you can claim your rights according to the applicable data protection laws.

Definitions of terms

Computer / computer system - this term refers to all types of devices used by you to access our website or any other services offered online or for those products and services requiring Internet access for their operation (e.g. software products).

Personal data - this term refers to any kind of information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an ID number, a location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Anonymous surfing and basic processing of personal data

In principle, it is possible to use our website without providing any personal data.

For providing certain services of our business, however, it is necessary that we process personal data. If there is no legal basis for this processing, we will of course obtain your explicit consent in advance.

We ensure the protection of all personal data processed via this website through numerous technical and organisational measures. This is done according to the current state-of-the-art.

Our website uses the latest encryption techniques for data transmission.

Origin of personal data processed by us

We only process personal data that you make available to us in the context of your customer relationship, which is absolutely necessary for the fulfilment of our services. This also includes data that we legitimately collect from publicly accessible sources (e.g. Internet, commercial registers) as well as receive from other third parties (e.g. credit agencies).

Possible data contents: Personal data (e.g. name, address, contact data), documentation data (e.g. protocols and transcripts), communication data (e.g. e-mail address) and other data similar to the above categories.

Responsible for data processing

If you have any questions regarding our data protection declaration or the exercise of your rights, please do not hesitate to contact us personally:

TOBIAS EICHNER IT + CONSULTING | Mr. Tobias Eichner | Egerer Straße 2 | 95369 Untersteinach, Germany
Telephone: +49 (0) 177 / 713 5158 | E-mail:

Legal basis and purpose of data processing

We process personal data exclusively on the basis of the General Data Protection Regulation (GDPR) and country-specific data protection laws applicable to us.

Based on your consent (Art. 6 par. 1 a GDPR)

On the basis of your explicit consent, we will only process your personal data for the agreed purpose.

You can revoke your consent at any time (please contact the above-mentioned responsible data processing department). The revocation of your consent does not affect the lawfulness of the data processing until revocation.

Fulfilment of contractual obligations (Art. 6 par. 1 b GDPR)

Your data will be processed to the extent necessary for the provision of our services. The specific purposes of data processing depend on the service booked (for details, please refer to the service agreements for details).

Due to legal requirements (Art. 6 par. 1 c GDPR) or if in the public interest (Art. 6 par. 1 e GDPR)

We are subject to certain legal obligations; in particular with regard to accounting obligations and tax law. Therefore, we also process your personal data, for example, for the fulfilment of tax control and reporting obligations.

Balancing of interests (Art. 6 par. 1 f GDPR)

If necessary, your data will be processed to protect our legitimate interests and to protect the legitimate interests of third parties; this includes, for example...

  • the assertion of legal claims and the use in the context of legal disputes.
  • to ensure the security of our IT systems.
  • the prevention and investigation of criminal offences.

Recipients of personal data

Only authorised bodies within our company who are responsible for fulfiling contractual and legal obligations are granted regulated access to your personal data. The same applies to service providers commissioned by us who work for us within this framework.

We ensure the protection of your data by organizational and technical measures, according to current state-of-the-art methods. This also applies to service providers commissioned by us.

Transfer of data to third countries or organisations outside the European Union

Data transmission in this context only occurs if...

  • you have given us your explicit consent.
  • the service to be provided absolutely requires it (e.g. search engine submissions).
  • a legal regulation requires this (e.g. tax reporting obligation).

To perform certain tasks, we use service providers who may be located in a third country (e.g. datacenter). This is permitted exclusively on the basis of article 45 GDPR, in the context of a decision of the European Commission on the existence of an adequate level of protection in this third country.

Unless the European Commission made a decision, data submission is done only if appropriate guarantees are provided (e.g. data protection provisions approved by the European Commission or the local authority under a defined procedure) and if enforceable rights and effective remedies are provided.

In contracts signed with such service providers, we always oblige them to comply with the European data protection level.

Storage duration of personal data

Your personal data will be used by us as long as it is necessary for the fulfilment of our contractual and legal obligations. We will then immediately remove such data from our systems, unless further use is necessary for the following purposes:

  • Fulfilment of commercial and tax law storage obligations (e.g. commercial law, tax law) - the legally defined storage periods are varying between two and ten years.
  • Preservation of evidence within the context of statutory statute of limitations (e.g. §195 ff. BGB) - the usual statutory period is 3 years, otherwise up to 30 years.

Your privacy rights

Right of access by the data subject (Art. 15 GDPR)

We will be pleased to inform you whether your personal data is processed by us, provide information on this data as well as further details and send you a copy of this data.

Right to rectification (Art. 16 GDPR)

Upon your request, we will immediately rectify any incorrect data collected and update incomplete data as quickly as possible.

Right to erasure (Art. 17 GDPR)

You can make use of your right to the immediate removal of personal data, provided that the fulfilment of our contractual and legal obligations does not conflict with your deletion claim.

Right to restriction of processing (Art. 18 GDPR)

As an alternative to the right of deletion, you also have the right to restrict the processing of personal data.

Right to data portability (Art. 20 GDPR)

Upon request, we will make your data available in a machine-readable format so that you can pass it on to third parties.

Right of objection (Art. 21 GDPR)

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, which is based on Art. 6 par. 1 e or Art. 6 par. 1 f GDPR. This also applies to profiling based on these provisions.

We will then no longer process your data unless we may prove compelling, legitimate reasons for processing which outweigh your interests, rights and freedoms, or the processing is intended to enforce, practice or defend legal claims.


Within the scope of the right of access and right to erasure you must observe the restrictions according to §34 and §35 BDSG.

In addition, there is a right of appeal to a responsible data protection supervisory authority (Art. 77 GDPR and §19 BDSG).

You can revoke your consent to the processing of personal data at any time. Please note that the revocation only applies to future processing; processing that has taken place until the revocation remains unaffected.

Obligation of data provision

You must provide us with any personal data we need to fulfill our contractual and legal obligations. Otherwise, we will usually not be able to provide our services for you.

Automated decision making and profiling (Art. 22 GDPR)

We do not use automated decision making techniques.

In individual cases we use legally received data from credit bureaus to evaluate a possible cooperation or a possible signing of a contract with you. To the extent required by law, we will obtain your explicit consent in advance.

Log data generated during the visit of our website

While visiting our website, we automatically collect a number of data:

  • Date/time stamp of the visit
  • Duration of the connection
  • Host name and IP address
  • Web browser (type and version)
  • Operating system (type and version)
  • Website, that contained the link used to visit us (so-called "referrer")
  • Visited pages on our website (including amount of transmtitted data)
  • Other data, such as data used to defend against attacks on our IT systems

This data remains stored for a maximum of 14 days and is then converted into anonymous statistics. At no time any personal data is exploited. The storage of anonymized data is separated from the storage of personal data.

We use this data to maintain the general functionality and security of our technical services and to investigate possible cases of misuse. Identification of individual visitors is technically impossible due to the anonymisation used.


This website does not use cookies in the context of the GDPR.

Contact options (on our website)

You can contact us either by letter post, by phone or directly by e-mail ("electronic mail"). In addition, we offer the option of exchanging encrypted e-mails.

If you send us a letter or an e-mail, personal data you submitted will be stored automatically. For telephone enquiries, we keep written notes on the contents of the call. These data are collected on a voluntary basis (see Art. 6 par. 1 sentence 1 lit. a GDPR) and are used solely to initiate contact and to process your inquiry.

The data will not be passed on to third parties. After processing your request, all personal data will be automatically deleted.

Links to external content

We regularly set links to contents of external providers that are beyond our control. This applies not only to the content displayed there but also to the use of the data transmitted by you on this content.

If you have any questions about data protection on external websites, please contact the responsible operator.

We are always there for you: | Privacy policy | Legal notice